{"id":23112,"name":"@actions/http-client","ecosystem":"npm","repository_url":"https://github.com/actions/toolkit","issues_count":148,"created_at":"2025-06-07T03:06:56.883Z","updated_at":"2025-06-07T03:06:56.883Z","purl":"pkg:npm/@actions/http-client","metadata":{"id":787995,"name":"@actions/http-client","ecosystem":"npm","description":"Actions Http Client","homepage":"https://github.com/actions/toolkit/tree/main/packages/http-client","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/actions/toolkit","keywords_array":["github","actions","http"],"namespace":"actions","versions_count":20,"first_release_published_at":"2020-01-10T04:31:14.445Z","latest_release_published_at":"2024-08-22T14:26:46.664Z","latest_release_number":"2.2.3","last_synced_at":"2025-06-05T23:31:40.694Z","created_at":"2022-04-07T13:03:13.807Z","updated_at":"2025-06-05T23:31:40.694Z","registry_url":"https://www.npmjs.com/package/@actions/http-client","install_command":"npm install @actions/http-client","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"2.2.3"}},"repo_metadata":{"id":37793145,"uuid":"182299236","full_name":"actions/toolkit","owner":"actions","description":"The GitHub ToolKit for developing GitHub Actions.","archived":false,"fork":false,"pushed_at":"2024-05-23T15:25:19.000Z","size":8538,"stargazers_count":4732,"open_issues_count":411,"forks_count":1346,"subscribers_count":133,"default_branch":"main","last_synced_at":"2024-05-29T13:04:39.887Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://github.com/features/actions","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/actions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-19T17:08:00.000Z","updated_at":"2024-06-05T23:12:52.097Z","dependencies_parsed_at":"2024-01-09T17:55:47.873Z","dependency_job_id":"34585922-af64-4ad2-8978-c4ea20ba4d87","html_url":"https://github.com/actions/toolkit","commit_stats":{"total_commits":878,"total_committers":143,"mean_commits":6.13986013986014,"dds":0.9248291571753986,"last_synced_commit":"fe3e7ce9a7f995d29d1fcfd226a32bca407f9dc8"},"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":212280305,"owners_count":15419312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"actions","name":"GitHub Actions","uuid":"44036562","kind":"organization","description":"Automate your GitHub workflows","email":null,"website":"https://github.com/features/actions","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/44036562?v=4","repositories_count":59,"last_synced_at":"2023-04-09T12:20:28.551Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/actions","funding_links":[],"total_stars":69545,"followers":null,"following":null,"created_at":"2022-11-02T16:25:53.210Z","updated_at":"2024-03-25T18:47:17.736Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/actions/repositories"},"tags":[{"name":"@actions/artifact@2.0.1","sha":"0389dcd5e45f77675a9d06a8da8bdc331f07e883","kind":"tag","published_at":"2024-01-10T15:50:20.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/artifact@2.0.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/artifact@2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fartifact@2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fartifact@2.0.1/manifests"},{"name":"@actions/cache@3.2.2","sha":"f74ff155bd3211486732923c2801c20523450d06","kind":"tag","published_at":"2023-08-07T17:37:08.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/cache@3.2.2","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/cache@3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcache@3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcache@3.2.2/manifests"},{"name":"@actions/http-client@2.1.1","sha":"19e00168782d1936225228c0fcf47b8a0e76f868","kind":"tag","published_at":"2023-08-04T19:20:02.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/http-client@2.1.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/http-client@2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fhttp-client@2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fhttp-client@2.1.1/manifests"},{"name":"@actions/artifact@1.1.1","sha":"91d3933eb52b351f437151400a88ba7d57442a9b","kind":"commit","published_at":"2023-06-22T09:03:38.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/artifact@1.1.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/artifact@1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fartifact@1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fartifact@1.1.1/manifests"},{"name":"@actions/http-client@2.0.1-test-tag","sha":"0d44da2b87f9ed48ae889d15c6cc19667aa37ec0","kind":"commit","published_at":"2023-03-07T11:11:44.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/http-client@2.0.1-test-tag","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/http-client@2.0.1-test-tag","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fhttp-client@2.0.1-test-tag","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fhttp-client@2.0.1-test-tag/manifests"},{"name":"@actions/tool-cache@1.1.1","sha":"a2ab4bcf78e4f7080f0d45856e6eeba16f0bbc52","kind":"tag","published_at":"2019-09-05T15:03:19.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/tool-cache@1.1.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/tool-cache@1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Ftool-cache@1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Ftool-cache@1.1.1/manifests"},{"name":"@actions/io@1.0.1","sha":"a2ab4bcf78e4f7080f0d45856e6eeba16f0bbc52","kind":"tag","published_at":"2019-09-05T15:03:19.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/io@1.0.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/io@1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fio@1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fio@1.0.1/manifests"},{"name":"@actions/github@1.1.0","sha":"a2ab4bcf78e4f7080f0d45856e6eeba16f0bbc52","kind":"tag","published_at":"2019-09-05T15:03:19.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/github@1.1.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/github@1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fgithub@1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fgithub@1.1.0/manifests"},{"name":"@actions/exec@1.0.1","sha":"a2ab4bcf78e4f7080f0d45856e6eeba16f0bbc52","kind":"tag","published_at":"2019-09-05T15:03:19.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/exec@1.0.1","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/exec@1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fexec@1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fexec@1.0.1/manifests"},{"name":"@actions/core@1.1.0","sha":"a2ab4bcf78e4f7080f0d45856e6eeba16f0bbc52","kind":"tag","published_at":"2019-09-05T15:03:19.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/core@1.1.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/core@1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcore@1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcore@1.1.0/manifests"},{"name":"@actions/tool-cache@1.0.0","sha":"a40bce7c8d382aa3dbadaa327acbc696e9390e55","kind":"tag","published_at":"2019-08-07T17:33:06.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/tool-cache@1.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/tool-cache@1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Ftool-cache@1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Ftool-cache@1.0.0/manifests"},{"name":"@actions/exec@1.0.0","sha":"a40bce7c8d382aa3dbadaa327acbc696e9390e55","kind":"tag","published_at":"2019-08-07T17:33:06.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/exec@1.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/exec@1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fexec@1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fexec@1.0.0/manifests"},{"name":"@actions/github@1.0.0","sha":"a40bce7c8d382aa3dbadaa327acbc696e9390e55","kind":"tag","published_at":"2019-08-07T17:33:06.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/github@1.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/github@1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fgithub@1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fgithub@1.0.0/manifests"},{"name":"@actions/io@1.0.0","sha":"a40bce7c8d382aa3dbadaa327acbc696e9390e55","kind":"tag","published_at":"2019-08-07T17:33:06.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/io@1.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/io@1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fio@1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fio@1.0.0/manifests"},{"name":"@actions/core@1.0.0","sha":"a40bce7c8d382aa3dbadaa327acbc696e9390e55","kind":"tag","published_at":"2019-08-07T17:33:06.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/@actions/core@1.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/@actions/core@1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcore@1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/@actions%2Fcore@1.0.0/manifests"},{"name":"0.0.1","sha":"a327d577602d304759e2c4150ac2e91ad8c57391","kind":"commit","published_at":"2019-06-25T12:43:54.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/0.0.1","html_url":"https://github.com/actions/toolkit/releases/tag/0.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.1/manifests"},{"name":"0.0.0","sha":"a327d577602d304759e2c4150ac2e91ad8c57391","kind":"commit","published_at":"2019-06-25T12:43:54.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/0.0.0","html_url":"https://github.com/actions/toolkit/releases/tag/0.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.0/manifests"},{"name":"0.0.2","sha":"a327d577602d304759e2c4150ac2e91ad8c57391","kind":"commit","published_at":"2019-06-25T12:43:54.000Z","download_url":"https://codeload.github.com/actions/toolkit/tar.gz/0.0.2","html_url":"https://github.com/actions/toolkit/releases/tag/0.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions%2Ftoolkit/tags/0.0.2/manifests"}]},"repo_metadata_updated_at":"2024-09-09T16:15:45.470Z","dependent_packages_count":41,"downloads":18541459,"downloads_period":"last-month","dependent_repos_count":104097,"rankings":{"downloads":0.0964101639056816,"dependent_repos_count":0.09593399517052863,"dependent_packages_count":0.7924370409667755,"stargazers_count":1.411868309654209,"forks_count":0.9688073065571515,"docker_downloads_count":0.3338783131190369,"average":0.6165558548955639},"purl":"pkg:npm/%40actions/http-client","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3NnYtbTd3cC1qd2c0","url":"https://github.com/advisories/GHSA-9w6v-m7wp-jwg4","title":"Http request which redirect to another hostname do not strip authorization header in @actions/http-client","description":"### Impact\nIf consumers of the http-client:\n  1. make an http request with an authorization header\n  2. that request leads to a redirect (302) and\n  3. the redirect url redirects to another domain or hostname \n\nThe authorization header will get passed to the other domain.\n\nNote that since this library is for actions, the GITHUB_TOKEN that is available in actions is generated and scoped per job with [these permissions](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token).\n\n### Patches\nThe problem is fixed in 1.0.8 at [npm here](https://www.npmjs.com/package/@actions/http-client).  In 1.0.8, the authorization header is stripped before making the redirected request if the hostname is different.\n\n### Workarounds\nNone.\n\n### References\nhttps://github.com/actions/http-client/pull/27\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/actions/http-client/issues","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2020-04-29T17:58:53.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.3,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N","references":["https://github.com/actions/http-client/security/advisories/GHSA-9w6v-m7wp-jwg4","https://github.com/actions/http-client/pull/27","https://github.com/actions/http-client/commit/f6aae3dda4f4c9dc0b49737b36007330f78fd53a","https://nvd.nist.gov/vuln/detail/CVE-2020-11021","https://github.com/advisories/GHSA-9w6v-m7wp-jwg4"],"source_kind":"github","identifiers":["GHSA-9w6v-m7wp-jwg4","CVE-2020-11021"],"repository_url":"https://github.com/actions/http-client","blast_radius":31.60986074592614,"packages":[{"versions":[{"first_patched_version":"1.0.8","vulnerable_version_range":"\u003c 1.0.8"}],"ecosystem":"npm","package_name":"@actions/http-client"}],"created_at":"2022-12-21T16:13:25.030Z","updated_at":"2023-02-01T05:03:01.000Z"}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/@actions/http-client","docker_dependents_count":405,"docker_downloads_count":1734975536,"usage_url":"https://repos.ecosyste.ms/usage/npm/@actions/http-client","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/@actions/http-client/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@actions%2Fhttp-client/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@actions%2Fhttp-client/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@actions%2Fhttp-client/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/@actions%2Fhttp-client/related_packages","maintainers":[{"uuid":"chrispat","login":"chrispat","name":null,"email":"chrispat@github.com","url":null,"packages_count":15,"html_url":"https://www.npmjs.com/~chrispat","role":null,"created_at":"2022-11-08T13:33:48.334Z","updated_at":"2022-11-08T13:33:48.334Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/chrispat/packages"},{"uuid":"bryanmacfarlane","login":"bryanmacfarlane","name":null,"email":"bryanmacf@gmail.com","url":null,"packages_count":16,"html_url":"https://www.npmjs.com/~bryanmacfarlane","role":null,"created_at":"2022-11-08T13:33:48.343Z","updated_at":"2022-11-08T13:33:48.343Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/bryanmacfarlane/packages"},{"uuid":"thboop","login":"thboop","name":null,"email":"thboop@github.com","url":null,"packages_count":14,"html_url":"https://www.npmjs.com/~thboop","role":null,"created_at":"2022-11-08T13:33:48.367Z","updated_at":"2022-11-08T13:33:48.367Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/thboop/packages"},{"uuid":"konradpabjan","login":"konradpabjan","name":null,"email":"konradpabjan@github.com","url":null,"packages_count":14,"html_url":"https://www.npmjs.com/~konradpabjan","role":null,"created_at":"2022-11-08T13:33:48.385Z","updated_at":"2022-11-08T13:33:48.385Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/konradpabjan/packages"},{"uuid":"cschleiden","login":"cschleiden","name":null,"email":"cschleiden@outlook.com","url":null,"packages_count":24,"html_url":"https://www.npmjs.com/~cschleiden","role":null,"created_at":"2023-03-29T01:42:19.087Z","updated_at":"2023-03-29T01:42:19.087Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/cschleiden/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5008192,"maintainers_count":1013077,"namespaces_count":295677,"keywords_count":700469,"github":"npm","metadata":{"funded_packages_count":150263},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-07T05:25:21.688Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":117,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4513473979","node_id":"PR_kwDOPW2a187e3bPk","number":148,"state":"open","title":"Bump @actions/http-client from 4.0.0 to 4.0.1","user":"dependabot[bot]","labels":["chore","dependencies","javascript","bump-patch"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T00:36:43.000Z","updated_at":"2026-05-25T00:38:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ryanmab/incident-io-alert/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanmab%2Fincident-io-alert/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"},{"uuid":"4451493916","node_id":"PR_kwDOSP8NMc7byvaO","number":23,"state":"open","title":"chore(deps): bump the github-action-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T05:25:25.000Z","updated_at":"2026-05-15T05:27:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-action-dependencies","update_count":9,"packages":[{"name":"@actions/core","old_version":"1.11.1","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"2.2.3","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@types/node","old_version":"20.19.39","new_version":"25.8.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"8.59.2","new_version":"8.59.3","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"eslint","old_version":"8.57.1","new_version":"10.3.0","repository_url":"https://github.com/eslint/eslint"},{"name":"jest","old_version":"29.7.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"@types/jest","old_version":"29.5.14","new_version":"30.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the github-action-dependencies group with 8 updates in the /packages/github-action directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.11.1` | `3.0.1` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `2.2.3` | `4.0.1` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.39` | `25.8.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.2` | `8.59.3` |\n| [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.3.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.4.2` |\n| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.14` | `30.0.0` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@actions/core` from 1.11.1 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/http-client\u003c/code\u003e to \u003ccode\u003e3.0.2\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/exec\u003c/code\u003e from 1.1.1 to 2.0.0 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2199\"\u003e#2199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 2.0.1 to 3.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 2.2.3 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 20.19.39 to 25.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/eslint-plugin` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e@​typescript-eslint/eslint-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md\"\u003e@​typescript-eslint/eslint-plugin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for eslint-plugin to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/e26dc8003ababf078aad4df17765ee4cea30644c\"\u003e\u003ccode\u003ee26dc80\u003c/code\u003e\u003c/a\u003e docs: update stale links to latest (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12313\"\u003e#12313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/eslint-plugin\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/parser` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e@​typescript-eslint/parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md\"\u003e@​typescript-eslint/parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for parser to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/parser\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 8.57.1 to 10.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.3.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/379571a975f2b24d88037b9de2e72ec61d004130\"\u003e\u003ccode\u003e379571a\u003c/code\u003e\u003c/a\u003e feat: add suggestions for no-unused-private-class-members (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20773\"\u003e#20773\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6ae5cf07b9b51802367539cb24b245b61eaa37c\"\u003e\u003ccode\u003eb6ae5cf\u003c/code\u003e\u003c/a\u003e fix: handle unavailable require cache (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20812\"\u003e#20812\u003c/a\u003e) (Simon Podlipsky)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6fb3685bcbe9a6f72fd7dfb9129686b6fb96b0bd\"\u003e\u003ccode\u003e6fb3685\u003c/code\u003e\u003c/a\u003e fix: rule suggestions cause continuation in class body (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20787\"\u003e#20787\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/32cc7ab4ec653ce89da92deb5c40a9f4fc707fe5\"\u003e\u003ccode\u003e32cc7ab\u003c/code\u003e\u003c/a\u003e docs: fix typos in docs and comments (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20809\"\u003e#20809\u003c/a\u003e) (Tanuj Kanti)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7f479376a2fa463d823ab762db6bb37ce8d2ee8f\"\u003e\u003ccode\u003e7f47937\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d32235ec19ceea211fa86452afa383ca05f5c2f9\"\u003e\u003ccode\u003ed32235e\u003c/code\u003e\u003c/a\u003e ci: use pnpm in \u003ccode\u003eeslint-flat-config-utils\u003c/code\u003e type integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20826\"\u003e#20826\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3ffb14ea517de750ed1181579ef844af342e4096\"\u003e\u003ccode\u003e3ffb14e\u003c/code\u003e\u003c/a\u003e chore: clean up typos in comments and JSDoc (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20821\"\u003e#20821\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22eb58a21cbde2fbd53a1fae99453d408672de50\"\u003e\u003ccode\u003e22eb58a\u003c/code\u003e\u003c/a\u003e chore: add missing continue-on-error to ecosystem-tests.yml (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20818\"\u003e#20818\u003c/a\u003e) (Josh Goldberg ✨)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/88bf0024cb36caebf2880516d9a1f81aa75dafe2\"\u003e\u003ccode\u003e88bf002\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20815\"\u003e#20815\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/97c8c330beae9557ad24e19f94eebc8d08d1a722\"\u003e\u003ccode\u003e97c8c33\u003c/code\u003e\u003c/a\u003e chore: update ilshidur/action-discord action to v0.4.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20811\"\u003e#20811\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2f58136dd47364a4cae7054a64f7bf1e79693813\"\u003e\u003ccode\u003e2f58136\u003c/code\u003e\u003c/a\u003e chore: pin peter-evans/create-pull-request action to 5f6978f (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20810\"\u003e#20810\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/77add7f1bc91ed17bba3be3289928a9146c5f5a1\"\u003e\u003ccode\u003e77add7f\u003c/code\u003e\u003c/a\u003e chore: add initial ecosystem plugin tests workflow (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/19643\"\u003e#19643\u003c/a\u003e) (Josh Goldberg ✨)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4023b55490fae55e464fe35530ef038cdf5d79a5\"\u003e\u003ccode\u003e4023b55\u003c/code\u003e\u003c/a\u003e test: Add unit tests for SuppressionsService.prune() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20797\"\u003e#20797\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/54080dad4f77bb39a1a843933d4ff3a2b7c175e2\"\u003e\u003ccode\u003e54080da\u003c/code\u003e\u003c/a\u003e test: add unit tests for ForkContext (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20778\"\u003e#20778\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f0e2bcc4bf19253aaebfbd7df87824b0ca4a151f\"\u003e\u003ccode\u003ef0e2bcc\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.suppress() method (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20765\"\u003e#20765\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a7f0b94743a99bcdf8d07cff15ffbfa6a6c5f927\"\u003e\u003ccode\u003ea7f0b94\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20782\"\u003e#20782\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7bf93d9e79f6dbf77242cbb9a9b8be834730fccd\"\u003e\u003ccode\u003e7bf93d9\u003c/code\u003e\u003c/a\u003e chore: update TypeScript to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20677\"\u003e#20677\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b42dd72e76e7f90e7f0be9458288d93353052adc\"\u003e\u003ccode\u003eb42dd72\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20781\"\u003e#20781\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2b252be80f362cca7be3326a6dbe958680fdfe9a\"\u003e\u003ccode\u003e2b252be\u003c/code\u003e\u003c/a\u003e test: add unit tests for IdGenerator (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20775\"\u003e#20775\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.2.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14be92b6d1fa0923b8923830f2208e5e2705b002\"\u003e\u003ccode\u003e14be92b\u003c/code\u003e\u003c/a\u003e fix: model generator yield resumption paths in code path analysis (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20665\"\u003e#20665\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/84a19d2c32255db6b9cfc08644a607aae6d5cb62\"\u003e\u003ccode\u003e84a19d2\u003c/code\u003e\u003c/a\u003e fix: no-async-promise-executor false positives for shadowed Promise (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20740\"\u003e#20740\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/af764af0ec38225755fbf8a6f207f0c77b595a8d\"\u003e\u003ccode\u003eaf764af\u003c/code\u003e\u003c/a\u003e fix: clarify language and processor validation errors (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20729\"\u003e#20729\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e251b89a38280973e468a4a9386c138f4f55d10d\"\u003e\u003ccode\u003ee251b89\u003c/code\u003e\u003c/a\u003e fix: update eslint (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20715\"\u003e#20715\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e) (Ayush Shukla)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/39771e6e600f0b0617fdeafff6dd07e4211ffde6\"\u003e\u003ccode\u003e39771e6\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/71e04693def2df57268f08f3072a2749df6bf438\"\u003e\u003ccode\u003e71e0469\u003c/code\u003e\u003c/a\u003e docs: fix incomplete JSDoc param description in no-shadow rule (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20728\"\u003e#20728\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22119ceb93e28f62262fc1d98ff1b1442d6e2dbf\"\u003e\u003ccode\u003e22119ce\u003c/code\u003e\u003c/a\u003e docs: clarify scope of for-direction rule with dead code examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20723\"\u003e#20723\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8f3fb77f122a5641d1833cad5d93f3f54fa3be0b\"\u003e\u003ccode\u003e8f3fb77\u003c/code\u003e\u003c/a\u003e docs: document \u003ccode\u003emeta.docs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20718\"\u003e#20718\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/78892043a36da4aa7640b59c99344b00c181048a\"\u003e\u003ccode\u003e7889204\u003c/code\u003e\u003c/a\u003e 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5b69b4fce4dc407c8e960eba638b5a3409c4f1fd\"\u003e\u003ccode\u003e5b69b4f\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d32235ec19ceea211fa86452afa383ca05f5c2f9\"\u003e\u003ccode\u003ed32235e\u003c/code\u003e\u003c/a\u003e ci: use pnpm in \u003ccode\u003eeslint-flat-config-utils\u003c/code\u003e type integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20826\"\u003e#20826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6ae5cf07b9b51802367539cb24b245b61eaa37c\"\u003e\u003ccode\u003eb6ae5cf\u003c/code\u003e\u003c/a\u003e fix: handle unavailable require cache (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20812\"\u003e#20812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3ffb14ea517de750ed1181579ef844af342e4096\"\u003e\u003ccode\u003e3ffb14e\u003c/code\u003e\u003c/a\u003e chore: clean up typos in comments and JSDoc (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6fb3685bcbe9a6f72fd7dfb9129686b6fb96b0bd\"\u003e\u003ccode\u003e6fb3685\u003c/code\u003e\u003c/a\u003e fix: rule suggestions cause continuation in class body (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20787\"\u003e#20787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22eb58a21cbde2fbd53a1fae99453d408672de50\"\u003e\u003ccode\u003e22eb58a\u003c/code\u003e\u003c/a\u003e chore: add missing continue-on-error to ecosystem-tests.yml (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20818\"\u003e#20818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/88bf0024cb36caebf2880516d9a1f81aa75dafe2\"\u003e\u003ccode\u003e88bf002\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20815\"\u003e#20815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/379571a975f2b24d88037b9de2e72ec61d004130\"\u003e\u003ccode\u003e379571a\u003c/code\u003e\u003c/a\u003e feat: add suggestions for no-unused-private-class-members (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20773\"\u003e#20773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/97c8c330beae9557ad24e19f94eebc8d08d1a722\"\u003e\u003ccode\u003e97c8c33\u003c/code\u003e\u003c/a\u003e chore: update ilshidur/action-discord action to v0.4.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20811\"\u003e#20811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v8.57.1...v10.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 29.7.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/efb59c2e81083f8dc941f20d6d20a3af2dc8d068\"\u003e\u003ccode\u003eefb59c2\u003c/code\u003e\u003c/a\u003e v30.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/96c53d30660e51bf76ed2cd1ecc2334c399ac31c\"\u003e\u003ccode\u003e96c53d3\u003c/code\u003e\u003c/a\u003e feat(jest-config): add \u003ccode\u003edefineConfig\u003c/code\u003e and \u003ccode\u003emergeConfig\u003c/code\u003e functions (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/15844\"\u003e#15844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/855864e3f9751366455246790be2bf912d4d0dac\"\u003e\u003ccode\u003e855864e\u003c/code\u003e\u003c/a\u003e v30.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/da9b532f04632367b0df15a842280501f225b732\"\u003e\u003ccode\u003eda9b532\u003c/code\u003e\u003c/a\u003e v30.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/ebfa31cc9787303e8698a1a029a162a18e8974aa\"\u003e\u003ccode\u003eebfa31c\u003c/code\u003e\u003c/a\u003e v30.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/d347c0f3f87f976a1dbd9761d503e45f5ced2a7e\"\u003e\u003ccode\u003ed347c0f\u003c/code\u003e\u003c/a\u003e v30.1.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/jest` from 29.5.14 to 30.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/jest` from 29.5.14 to 30.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript` from 5.9.3 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/TypeScript/releases\"\u003etypescript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTypeScript 6.0.3\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.3%22\"\u003efixed issues query for TypeScript 6.0.3 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0 Beta\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0-beta/\"\u003erelease announcement\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22+is%3Aclosed+\"\u003efixed issues query for Typescript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/050880ce59e30b356b686bd3144efe24f875ebc8\"\u003e\u003ccode\u003e050880c\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.3 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/eeae9dd0f17aa494658e4ec079dc002e02dd625e\"\u003e\u003ccode\u003eeeae9dd\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63401\"\u003e#63401\u003c/a\u003e (Also check package name validity in...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/ad1c695fada682764bb510dd680e8f175ae54094\"\u003e\u003ccode\u003ead1c695\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63368\"\u003e#63368\u003c/a\u003e (Harden ATA package name filtering) into release-6.0 (\u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63372\"\u003e#63372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/0725fb4664a1d5ec94040b6d94db77dc1cc354e4\"\u003e\u003ccode\u003e0725fb4\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63310\"\u003e#63310\u003c/a\u003e (Mark class property initializers as...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/607a22a90d1a5a1b507ce01bb8cd7ec020f954e7\"\u003e\u003ccode\u003e607a22a\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.2 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/9e72ab71b575e26795d0d9eac3d2d9957beed17c\"\u003e\u003ccode\u003e9e72ab7\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63239\"\u003e#63239\u003c/a\u003e (Fix missing lib files in reused pro...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/35ff23d4b0cc715691323ebe54f523c16fe6e3a5\"\u003e\u003ccode\u003e35ff23d\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63163\"\u003e#63163\u003c/a\u003e (Port anyFunctionType subtype fix an...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/e175b69138038953d4e85bf6529afe88d56d8fbe\"\u003e\u003ccode\u003ee175b69\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.1-rc and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/af4caac0e91e838c46b3fdc1c9afacad68800f89\"\u003e\u003ccode\u003eaf4caac\u003c/code\u003e\u003c/a\u003e Update LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/8efd7e8544d8b35c9b33bca44a3124aa2613bf09\"\u003e\u003ccode\u003e8efd7e8\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into release-6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/77mdias/criptenv/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/77mdias%2Fcriptenv/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"},{"uuid":"4371373102","node_id":"PR_kwDOEUDDls7XwHJl","number":493,"state":"open","title":"fix(deps): bump the minor-patch-updates group across 1 directory with 56 updates","user":"dependabot[bot]","labels":["dependencies","npm"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-03T09:18:55.000Z","updated_at":"2026-05-03T09:19:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"minor-patch-updates","update_count":56,"packages":[{"name":"@cognigy/rest-api-client","old_version":"2026.5.0","new_version":"2026.8.0"},{"name":"@langchain/community","old_version":"1.1.14","new_version":"1.1.27","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"@langchain/core","old_version":"1.1.24","new_version":"1.1.41","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.4","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"inquirer","old_version":"13.2.2","new_version":"13.4.2","repository_url":"https://github.com/SBoudrias/Inquirer.js"},{"name":"mammoth","old_version":"1.11.0","new_version":"1.12.0","repository_url":"https://github.com/mwilliamson/mammoth.js"},{"name":"playwright","old_version":"1.58.2","new_version":"1.59.1","repository_url":"https://github.com/microsoft/playwright"},{"name":"@commitlint/cli","old_version":"20.4.2","new_version":"20.5.2","repository_url":"https://github.com/conventional-changelog/commitlint"},{"name":"@commitlint/prompt","old_version":"20.4.0","new_version":"20.5.2","repository_url":"https://github.com/conventional-changelog/commitlint"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@mongodb-js/saslprep","old_version":"1.4.6","new_version":"1.4.10","repository_url":"https://github.com/mongodb-js/devtools-shared"},{"name":"@xmldom/xmldom","old_version":"0.8.12","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"baseline-browser-mapping","old_version":"2.10.19","new_version":"2.10.25","repository_url":"https://github.com/web-platform-dx/baseline-browser-mapping"},{"name":"caniuse-lite","old_version":"1.0.30001788","new_version":"1.0.30001791","repository_url":"https://github.com/browserslist/caniuse-lite"},{"name":"electron-to-chromium","old_version":"1.5.336","new_version":"1.5.349","repository_url":"https://github.com/Kilian/electron-to-chromium"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.3","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"ibm-cloud-sdk-core","old_version":"5.4.11","new_version":"5.4.12","repository_url":"https://github.com/IBM/node-sdk-core"},{"name":"jsonfile","old_version":"6.2.0","new_version":"6.2.1","repository_url":"https://github.com/jprichardson/node-jsonfile"},{"name":"langsmith","old_version":"0.5.19","new_version":"0.6.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"mongoose","old_version":"9.4.1","new_version":"9.6.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"node-releases","old_version":"2.0.37","new_version":"2.0.38","repository_url":"https://github.com/chicoxyzzy/node-releases"},{"name":"npm","old_version":"11.12.1","new_version":"11.13.0","repository_url":"https://github.com/npm/cli"}],"path":null,"ecosystem":"npm"},"body":"Bumps the minor-patch-updates group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| @cognigy/rest-api-client | `2026.5.0` | `2026.8.0` |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs) | `1.1.14` | `1.1.27` |\n| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.24` | `1.1.41` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.4` |\n| [inquirer](https://github.com/SBoudrias/Inquirer.js) | `13.2.2` | `13.4.2` |\n| [mammoth](https://github.com/mwilliamson/mammoth.js) | `1.11.0` | `1.12.0` |\n| [playwright](https://github.com/microsoft/playwright) | `1.58.2` | `1.59.1` |\n| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.2` | `20.5.2` |\n| [@commitlint/prompt](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/prompt) | `20.4.0` | `20.5.2` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `4.0.0` | `4.0.1` |\n| [@mongodb-js/saslprep](https://github.com/mongodb-js/devtools-shared) | `1.4.6` | `1.4.10` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.12` | `0.8.13` |\n| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.19` | `2.10.25` |\n| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001788` | `1.0.30001791` |\n| [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.336` | `1.5.349` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` |\n| [ibm-cloud-sdk-core](https://github.com/IBM/node-sdk-core) | `5.4.11` | `5.4.12` |\n| [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.5.19` | `0.6.0` |\n| [mongoose](https://github.com/Automattic/mongoose) | `9.4.1` | `9.6.1` |\n| [node-releases](https://github.com/chicoxyzzy/node-releases) | `2.0.37` | `2.0.38` |\n| [npm](https://github.com/npm/cli) | `11.12.1` | `11.13.0` |\n\n\nUpdates `@cognigy/rest-api-client` from 2026.5.0 to 2026.8.0\n\nUpdates `@langchain/community` from 1.1.14 to 1.1.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchainjs/releases\"\u003e@​langchain/community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.27\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/9270c48d7a95db6e7e2570a7e681c94479a673d0\"\u003e\u003ccode\u003e9270c48\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.38\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.27\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.26\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6933769836fe3cec835588e5f8db9883200865f6\"\u003e\u003ccode\u003e6933769\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/50d5f32fd30cabebf058b1c13255c1daadde6107\"\u003e\u003ccode\u003e50d5f32\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/555299917c90322e25d7671bad2e20c9b104bad6\"\u003e\u003ccode\u003e5552999\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/8331833c93ba907063c9fe28e9f935ed5dfec11c\"\u003e\u003ccode\u003e8331833\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.37\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.26\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.25\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/478652c01cdae0703415febd250b6c2656b36410\"\u003e\u003ccode\u003e478652c\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/3d35eb112b46b36aea80cebe0147e315d03a1d8e\"\u003e\u003ccode\u003e3d35eb1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/bbbfea185c0777ae06df2b24a1a84f941d499c2a\"\u003e\u003ccode\u003ebbbfea1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/52e501b44ee54ace1889ec9149a3617c4409db51\"\u003e\u003ccode\u003e52e501b\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.25\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.36\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6b914bceb4acd4664b12091770a2ddcbf5d8457e\"\u003e\u003ccode\u003e6b914bc\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10553\"\u003e#10553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/7ed93b8b8a6e9eb0da3e103d74087c692fee2773\"\u003e\u003ccode\u003e7ed93b8\u003c/code\u003e\u003c/a\u003e fix(langchain): allow dynamic tools in wrapModelCall with wrapToolCall (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10543\"\u003e#10543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/9270c48d7a95db6e7e2570a7e681c94479a673d0\"\u003e\u003ccode\u003e9270c48\u003c/code\u003e\u003c/a\u003e fix(openai): preserve reasoning_content in ChatOpenAICompletions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10551\"\u003e#10551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/f54805305787fa383c3ce1e287daafdb5464a98b\"\u003e\u003ccode\u003ef548053\u003c/code\u003e\u003c/a\u003e fix(langchain): bump langgraph dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10555\"\u003e#10555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/11a295fdadec3809f40c10492e3fd474e832c468\"\u003e\u003ccode\u003e11a295f\u003c/code\u003e\u003c/a\u003e fix(langchain): add support for dynamic structured output (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10554\"\u003e#10554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e fix(langchain): accept cross-version runnable models in createAgent (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10552\"\u003e#10552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/cd86fea8de2130d0df60805baada81958d47c747\"\u003e\u003ccode\u003ecd86fea\u003c/code\u003e\u003c/a\u003e fix: implement tool choice required on anthropic (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10519\"\u003e#10519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b57760c55a721ed65a456bbad11172e35adee177\"\u003e\u003ccode\u003eb57760c\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10516\"\u003e#10516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6e2d29e28a8f2a84f6fbbe5755d6b4fe2d5d4fd1\"\u003e\u003ccode\u003e6e2d29e\u003c/code\u003e\u003c/a\u003e tests(\u003ccode\u003e@​langchain/google\u003c/code\u003e): Lyria 3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10522\"\u003e#10522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/68e0a19238be592514b6c01243c41aefaa6a7668\"\u003e\u003ccode\u003e68e0a19\u003c/code\u003e\u003c/a\u003e fix(langchain): revert zod import in utils.ts to fix v3/v4 interop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10545\"\u003e#10545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/@langchain/community@1.1.14...@langchain/community@1.1.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@langchain/core` from 1.1.24 to 1.1.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchainjs/releases\"\u003e@​langchain/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.41\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10733\"\u003e#10733\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589f29ce844eb252c2d5e6b0f8d26de37763a0d7\"\u003e\u003ccode\u003e589f29c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - fix(core): Update inheritance behavior for tracer metadata for special keys\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10711\"\u003e#10711\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2e9e6969e248a53ede0659a41d0ac8dbaf291ab4\"\u003e\u003ccode\u003e2e9e696\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - feat(core): Add chat model and llm invocation params to traced metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.40\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10694\"\u003e#10694\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/d3e080995bb267bf3797067ab53c96bc2a6c8e3f\"\u003e\u003ccode\u003ed3e0809\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - refactor(core): decouple tracer-only metadata defaults from runnable metadata\n\u003cul\u003e\n\u003cli\u003eAdd tracer-scoped inheritable metadata/tag options in callback manager while keeping backward-compatible aliases.\u003c/li\u003e\n\u003cli\u003eMove configurable-to-tracing metadata derivation into a tracer-only path and keep \u003ccode\u003eensureConfig\u003c/code\u003e metadata mirroring limited to \u003ccode\u003emodel\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eLangChainTracer\u003c/code\u003e default metadata/tag handling and add regression tests for stream events metadata behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.39\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10430\"\u003e#10430\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/d3d0922c24afcd3006fb94dcadd3ebe08fbf2383\"\u003e\u003ccode\u003ed3d0922\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - feat(langchain): support for browser tools\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.38\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10552\"\u003e#10552\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - fix(langchain): accept cross-version runnable models in createAgent\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.37\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10511\"\u003e#10511\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6933769836fe3cec835588e5f8db9883200865f6\"\u003e\u003ccode\u003e6933769\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - cache Zod-to-JSON-Schema conversions in toJsonSchema()\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10541\"\u003e#10541\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/50d5f32fd30cabebf058b1c13255c1daadde6107\"\u003e\u003ccode\u003e50d5f32\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - revert: Revert \u0026quot;feat(core): Add all chat model/llm invocation params to metadata\u0026quot;\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10509\"\u003e#10509\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/555299917c90322e25d7671bad2e20c9b104bad6\"\u003e\u003ccode\u003e5552999\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - feat(openai): add support for phase parameter on Responses API messages\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ephase\u003c/code\u003e from message output items and surface it on text content blocks\u003c/li\u003e\n\u003cli\u003eSupport phase in streaming via \u003ccode\u003eresponse.output_item.added\u003c/code\u003e events\u003c/li\u003e\n\u003cli\u003eRound-trip phase through both raw provider and standard content paths\u003c/li\u003e\n\u003cli\u003eMove phase into \u003ccode\u003eextras\u003c/code\u003e dict in the core standard content translator\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10528\"\u003e#10528\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/8331833c93ba907063c9fe28e9f935ed5dfec11c\"\u003e\u003ccode\u003e8331833\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - fix(core): normalize single-block content in mergeContent\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.36\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10512\"\u003e#10512\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/bbbfea185c0777ae06df2b24a1a84f941d499c2a\"\u003e\u003ccode\u003ebbbfea1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - fix(core): fix streaming chunk merge for providers without \u003ccode\u003eindex\u003c/code\u003e on tool call deltas\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e_mergeLists\u003c/code\u003e now falls back to \u003ccode\u003eid\u003c/code\u003e-based matching when items don't have an \u003ccode\u003eindex\u003c/code\u003e field. Previously, providers routing through the OpenAI-compatible API without \u003ccode\u003eindex\u003c/code\u003e on streaming tool call deltas (e.g. Anthropic models via \u003ccode\u003eChatOpenAI\u003c/code\u003e) would accumulate hundreds of individual raw deltas in \u003ccode\u003etool_call_chunks\u003c/code\u003e and \u003ccode\u003eadditional_kwargs.tool_calls\u003c/code\u003e instead of merging them into a single entry per tool call. In a real trace with 3 concurrent subagents, this caused a single AI message to balloon from ~4KB to 146KB -- with 826 uncollapsed streaming fragments carrying a few bytes each.\u003c/p\u003e\n\u003cp\u003eAlso fixes \u003ccode\u003eSystemMessage.concat()\u003c/code\u003e which used \u003ccode\u003e...this\u003c/code\u003e to spread all instance properties (including \u003ccode\u003elc_kwargs\u003c/code\u003e) into the new constructor, causing each chained \u003ccode\u003econcat()\u003c/code\u003e call to nest one level deeper. After 7 middleware \u003ccode\u003econcat()\u003c/code\u003e calls (typical in deepagents), a 7KB system prompt would serialize to 81KB due to content being duplicated at every nesting level.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.35\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/f6de26c8f8e010a8a27d9e0b47347ccd85ef0ca6\"\u003e\u003ccode\u003ef6de26c\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10725\"\u003e#10725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/345fd642fb47373cc82e22efc37cdc3da4683d52\"\u003e\u003ccode\u003e345fd64\u003c/code\u003e\u003c/a\u003e fix(deps): patch 7 critical/high Dependabot security alerts (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10734\"\u003e#10734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589f29ce844eb252c2d5e6b0f8d26de37763a0d7\"\u003e\u003ccode\u003e589f29c\u003c/code\u003e\u003c/a\u003e fix(core): Update inheritance behavior for tracer metadata for special keys (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/ad153c185b6cf813d4b7695740d9a4453d2cb63f\"\u003e\u003ccode\u003ead153c1\u003c/code\u003e\u003c/a\u003e feat(anthropic): add opus 4.7 compatibility updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10726\"\u003e#10726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/49ac9e7404e5a9269b9ac047711ee96dd928b231\"\u003e\u003ccode\u003e49ac9e7\u003c/code\u003e\u003c/a\u003e feat(langchain): Adds ls_agent_type to create agent runs as tracing metadata ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2e9e6969e248a53ede0659a41d0ac8dbaf291ab4\"\u003e\u003ccode\u003e2e9e696\u003c/code\u003e\u003c/a\u003e feat(core): Add chat model and llm invocation params to traced metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10711\"\u003e#10711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/0bf9d7e066bce89400a96001f1962a8648753e01\"\u003e\u003ccode\u003e0bf9d7e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.5.18 to 0.5.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10714\"\u003e#10714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/0c799481f691e046a4533588fc96e190669fa16e\"\u003e\u003ccode\u003e0c79948\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10699\"\u003e#10699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/c955df43ec72bd9530781186378ad88cccaa1306\"\u003e\u003ccode\u003ec955df4\u003c/code\u003e\u003c/a\u003e chore(ci): use pnpm and peerDeps for pkg.pr.new previews (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10702\"\u003e#10702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/301b086d697861b3255419f007ea676aa7a117d2\"\u003e\u003ccode\u003e301b086\u003c/code\u003e\u003c/a\u003e ci: add PR title lint workflow (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10703\"\u003e#10703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.1.24...@langchain/core@1.1.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fs-extra` from 11.3.3 to 11.3.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md\"\u003efs-extra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e11.3.4 / 2026-03-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where calling \u003ccode\u003eensureSymlink\u003c/code\u003e/\u003ccode\u003eensureSymlinkSync\u003c/code\u003e with a relative \u003ccode\u003esrcPath\u003c/code\u003e would fail if the symlink already existed (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1038\"\u003e#1038\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/353a29b18c883fa0f3997fd8be90a89077633af4\"\u003e\u003ccode\u003e353a29b\u003c/code\u003e\u003c/a\u003e 11.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/3e65fbe81e565e2cd16a5f0ff1b3d8623610bb7a\"\u003e\u003ccode\u003e3e65fbe\u003c/code\u003e\u003c/a\u003e fix(ensureSymlink): resolve relative srcpath correctly when symlink exists (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/e2615e501e7b261b832170b3eb7e26c82668b215\"\u003e\u003ccode\u003ee2615e5\u003c/code\u003e\u003c/a\u003e Fix git URL in package.json (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jprichardson/node-fs-extra/compare/11.3.3...11.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `inquirer` from 13.2.2 to 13.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/releases\"\u003einquirer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003einquirer@13.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: some Windows terminals would freeze and not react to keypresses.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eexpand\u003c/code\u003e prompt type inferrence.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeat: Added a loading message while validating editor prompt input.\u003c/li\u003e\n\u003cli\u003eType improvement: Better type inference with checkbox, search and expand prompts.\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003eeditor\u003c/code\u003e prompt not always properly handling editor path on windows.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix broken 1.3.1 release process.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.2.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/input\u003c/code\u003e): handle numeric default values by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1978\"\u003eSBoudrias/Inquirer.js#1978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the linting group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1982\"\u003eSBoudrias/Inquirer.js#1982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1983\"\u003eSBoudrias/Inquirer.js#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1984\"\u003eSBoudrias/Inquirer.js#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1985\"\u003eSBoudrias/Inquirer.js#1985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(\u003ccode\u003e@​inquirer/core\u003c/code\u003e): replace wrap-ansi with fast-wrap-ansi by \u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1981\"\u003eSBoudrias/Inquirer.js#1981\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump semver from 7.7.3 to 7.7.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1992\"\u003eSBoudrias/Inquirer.js#1992\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the build group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1990\"\u003eSBoudrias/Inquirer.js#1990\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1991\"\u003eSBoudrias/Inquirer.js#1991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.27.0 to 0.28.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1989\"\u003eSBoudrias/Inquirer.js#1989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): add E2E testing support for CLI applications by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1980\"\u003eSBoudrias/Inquirer.js#1980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): auto-mock \u003ccode\u003e@​inquirer/prompts\u003c/code\u003e barrel re-exports by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1994\"\u003eSBoudrias/Inquirer.js#1994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: auto-merge dependabot PRs for patch and minor updates by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1995\"\u003eSBoudrias/Inquirer.js#1995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): prevent artificial line wrapping in test output by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1996\"\u003eSBoudrias/Inquirer.js#1996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): declare @inquirer/* packages as optional peerDependencies by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1997\"\u003eSBoudrias/Inquirer.js#1997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.28.0 to 0.32.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1999\"\u003eSBoudrias/Inquirer.js#1999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.8.3 to 2.8.9 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2000\"\u003eSBoudrias/Inquirer.js#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2001\"\u003eSBoudrias/Inquirer.js#2001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump vitest from 3.2.4 to 4.0.18 in the testing group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1998\"\u003eSBoudrias/Inquirer.js#1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump \u003ccode\u003e@​xterm/headless\u003c/code\u003e from 5.5.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2002\"\u003eSBoudrias/Inquirer.js#2002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): handle SWC-style module namespace objects in wrapPrompt by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2004\"\u003eSBoudrias/Inquirer.js#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1981\"\u003eSBoudrias/Inquirer.js#1981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.2.5\"\u003ehttps://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.2.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003einquirer@13.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/input\u003c/code\u003e): handle numeric default values by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1978\"\u003eSBoudrias/Inquirer.js#1978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the linting group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1982\"\u003eSBoudrias/Inquirer.js#1982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1983\"\u003eSBoudrias/Inquirer.js#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1984\"\u003eSBoudrias/Inquirer.js#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1985\"\u003eSBoudrias/Inquirer.js#1985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/35bda2afd31b4acca8f800259b9f7ca4e95a1d9d\"\u003e\u003ccode\u003e35bda2a\u003c/code\u003e\u003c/a\u003e chore: Publish new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/98eee295e15283675e6264bbbcef4e09bb96e17e\"\u003e\u003ccode\u003e98eee29\u003c/code\u003e\u003c/a\u003e fix(lint): suppress no-unnecessary-type-parameters on parseJSON helper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/aba596504234db6c516ff1a145dbf3b58e7d490c\"\u003e\u003ccode\u003eaba5965\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump \u003ccode\u003e@​types/node\u003c/code\u003e in the types group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2088\"\u003e#2088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/db8fbf1bd466aa93429528674ee0e155fef405be\"\u003e\u003ccode\u003edb8fbf1\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump turbo from 2.9.5 to 2.9.6 in the build group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/3cdecf52aca9fde0b31fb66dbc55237a9f315e79\"\u003e\u003ccode\u003e3cdecf5\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump oxfmt in the formatting group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e370b57fd16ec01e07601684b6e635437ccc9481\"\u003e\u003ccode\u003ee370b57\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the linting group with 5 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2085\"\u003e#2085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/27872678c1b9951e70ed40b92a6321145a028c1d\"\u003e\u003ccode\u003e2787267\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the testing group with 3 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2084\"\u003e#2084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/0c554996d480b1fc458181998f056f8d1af3197a\"\u003e\u003ccode\u003e0c55499\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the formatting group with 2 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e7115d913a6678d38a8ec0f1b3b5a09b53e14918\"\u003e\u003ccode\u003ee7115d9\u003c/code\u003e\u003c/a\u003e fix(\u003ccode\u003e@​inquirer/core\u003c/code\u003e): mute output after readline initialization (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2077\"\u003e#2077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e5e14ab557dd77d9b074f574bf839acbab7b3524\"\u003e\u003ccode\u003ee5e14ab\u003c/code\u003e\u003c/a\u003e chore(deps): Bump dependabot/fetch-metadata from 2 to 3 (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mammoth` from 1.11.0 to 1.12.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mwilliamson/mammoth.js/blob/master/NEWS\"\u003emammoth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.12.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle hyperlinked wp:anchor and wp:inline elements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle hyperlink complex fields with unquoted hrefs.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/380a4a8279a22201d0a3f729cc4f3587f104877d\"\u003e\u003ccode\u003e380a4a8\u003c/code\u003e\u003c/a\u003e Bump version to 1.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/0830b29be54e02460654cd60116472cb9e065472\"\u003e\u003ccode\u003e0830b29\u003c/code\u003e\u003c/a\u003e Clarify variable name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/8e6c5c7a3387b43b5d10f81357f7a1e1d87f451b\"\u003e\u003ccode\u003e8e6c5c7\u003c/code\u003e\u003c/a\u003e Clarify test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/04ac1b979cb0539bd70445e3c4ed82572309ffe0\"\u003e\u003ccode\u003e04ac1b9\u003c/code\u003e\u003c/a\u003e Simplify HYPERLINK field handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/6cfbe0b8952b809bb1a3564041c8155405336167\"\u003e\u003ccode\u003e6cfbe0b\u003c/code\u003e\u003c/a\u003e Handle hyperlink complex fields with unquoted hrefs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/5b8d20f1cdca33a08cd0cb72af5b13c22653cea3\"\u003e\u003ccode\u003e5b8d20f\u003c/code\u003e\u003c/a\u003e Handle hyperlinked wp:anchor and wp:inline elements\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mwilliamson/mammoth.js/compare/1.11.0...1.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `playwright` from 1.58.2 to 1.59.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/playwright/releases\"\u003eplaywright's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.59.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e[Windows]\u003c/strong\u003e Reverted hiding console window when spawning browser processes, which caused regressions including broken \u003ccode\u003ecodegen\u003c/code\u003e, \u003ccode\u003e--ui\u003c/code\u003e and \u003ccode\u003eshow\u003c/code\u003e commands (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39990\"\u003e#39990\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.59.0\u003c/h2\u003e\n\u003ch2\u003e🎬 Screencast\u003c/h2\u003e\n\u003cp\u003eNew \u003ca href=\"https://playwright.dev/docs/api/class-page#page-screencast\"\u003epage.screencast\u003c/a\u003e API provides a unified interface for capturing page content with:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eScreencast recordings\u003c/li\u003e\n\u003cli\u003eAction annotations\u003c/li\u003e\n\u003cli\u003eVisual overlays\u003c/li\u003e\n\u003cli\u003eReal-time frame capture\u003c/li\u003e\n\u003cli\u003eAgentic video receipts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eScreencast recording\u003c/strong\u003e — record video with precise start/stop control, as an alternative to the \u003ca href=\"https://playwright.dev/docs/api/class-browser#browser-new-context-option-record-video\"\u003e\u003ccode\u003erecordVideo\u003c/code\u003e\u003c/a\u003e option:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eawait page.screencast.start({ path: 'video.webm' });\r\n// ... perform actions ...\r\nawait page.screencast.stop();\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eAction annotations\u003c/strong\u003e — enable built-in visual annotations that highlight interacted elements and display action titles during recording:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eawait page.screencast.showActions({ position: 'top-right' });\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003ca href=\"https://playwright.dev/docs/api/class-screencast#screencast-show-actions\"\u003escreencast.showActions()\u003c/a\u003e accepts \u003ccode\u003eposition\u003c/code\u003e (\u003ccode\u003e'top-left'\u003c/code\u003e, \u003ccode\u003e'top'\u003c/code\u003e, \u003ccode\u003e'top-right'\u003c/code\u003e, \u003ccode\u003e'bottom-left'\u003c/code\u003e, \u003ccode\u003e'bottom'\u003c/code\u003e, \u003ccode\u003e'bottom-right'\u003c/code\u003e), \u003ccode\u003eduration\u003c/code\u003e (ms per annotation), and \u003ccode\u003efontSize\u003c/code\u003e (px). Returns a disposable to stop showing actions.\u003c/p\u003e\n\u003cp\u003eAction annotations can also be enabled in test fixtures via the \u003ccode\u003evideo\u003c/code\u003e option:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// playwright.config.ts\r\nexport default defineConfig({\r\n  use: {\r\n    video: {\r\n      mode: 'on',\r\n      show: {\r\n        actions: { position: 'top-left' },\r\n        test: { position: 'top-right' },\r\n      },\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/d466ac5358cae058cdc75d2ae3ab3ad220042730\"\u003e\u003ccode\u003ed466ac5\u003c/code\u003e\u003c/a\u003e chore: mark v1.59.1 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/40005\"\u003e#40005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/530e7e5f0021730948605a5788790d353d9cf444\"\u003e\u003ccode\u003e530e7e5\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/4004\"\u003e#4004\u003c/a\u003e): fix(cli): kill-all should kill dashboard\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/9aa216c8d7f866e8a8fa94ca55d86e81a8f4decb\"\u003e\u003ccode\u003e9aa216c\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39994\"\u003e#39994\u003c/a\u003e): Revert \u0026quot;fix(windows): hide console window when spawning ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/01b2b1533e0bfa1c582117e3ec109fcb57657747\"\u003e\u003ccode\u003e01b2b15\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39980\"\u003e#39980\u003c/a\u003e): chore: more release notes fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/a5cb6c9a2f52078de075413beb812e3180d195ba\"\u003e\u003ccode\u003ea5cb6c9\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39972\"\u003e#39972\u003c/a\u003e): chore: expose browser.bind and browser.unbind APIs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/99a17b58541798b03257c57a9e5589db2394f89e\"\u003e\u003ccode\u003e99a17b5\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39975\"\u003e#39975\u003c/a\u003e): chore: support opening .trace files via .link indirection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/43607c3b71d89445a6473708429eeecd6f571d6e\"\u003e\u003ccode\u003e43607c3\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39974\"\u003e#39974\u003c/a\u003e): chore(webkit): update Safari user-agent version to 26.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/62cabe19eb07e329086e5cb20441737cf51367d0\"\u003e\u003ccode\u003e62cabe1\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39969\"\u003e#39969\u003c/a\u003e): chore(npm): include all *.md from lib (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39970\"\u003e#39970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/0c65a759af337ba5143ebbe34afe4141482ce2d4\"\u003e\u003ccode\u003e0c65a75\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39968\"\u003e#39968\u003c/a\u003e): chore: screencast.showActions api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/f04155b09034c21719162146d6016de9933a2dbe\"\u003e\u003ccode\u003ef04155b\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39958\"\u003e#39958\u003c/a\u003e): chore: release notes for langs v1.59\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/playwright/compare/v1.58.2...v1.59.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/cli` from 20.4.2 to 20.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCore \u0026amp; co\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: deps and CI improvements by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4660\"\u003econventional-changelog/commitlint#4660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore push on all branches, avoid duplicate runs by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4665\"\u003econventional-changelog/commitlint#4665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(resolve-extends): always resolve extended parser presets for proper merging by \u003ca href=\"https://github.com/omar-y-abdi\"\u003e\u003ccode\u003e@​omar-y-abdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4647\"\u003econventional-changelog/commitlint#4647\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md\"\u003e@​commitlint/cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/cli\u003c/code\u003e\u003c/p\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e validate that --cwd directory exists before execution (\u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4658\"\u003e#4658\u003c/a\u003e) (\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/cf80f75745593f4f018cac301a91f23316c974fd\"\u003ecf80f75\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4595\"\u003e#4595\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.3...v20.4.4\"\u003e20.4.4\u003c/a\u003e (2026-03-12)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/cli\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.2...v20.4.3\"\u003e20.4.3\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efooter parser does not escape special chars for regex \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4560\"\u003e#4560\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4634\"\u003e#4634\u003c/a\u003e) (\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/8ff7c7fcbc2db2b45910ecb5c01e9f1763060770\"\u003e8ff7c7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7918e9cf70f822505cb4422c03150a86f802627\"\u003e\u003ccode\u003ea7918e9\u003c/code\u003e\u003c/a\u003e v20.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/cf80f75745593f4f018cac301a91f23316c974fd\"\u003e\u003ccode\u003ecf80f75\u003c/code\u003e\u003c/a\u003e fix(cli): validate that --cwd directory exists before execution (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4658\"\u003e#4658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/02d7245e9b204ed07a68298e4d73c8d82a4b7f81\"\u003e\u003ccode\u003e02d7245\u003c/code\u003e\u003c/a\u003e v20.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7469817974796a6e89f55911bb66b7bffa44099\"\u003e\u003ccode\u003ea746981\u003c/code\u003e\u003c/a\u003e v20.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/18bd371428771ecc98a7b2f00194bfcbfb4ba809\"\u003e\u003ccode\u003e18bd371\u003c/code\u003e\u003c/a\u003e chore: deps (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4635\"\u003e#4635\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/8ff7c7fcbc2db2b45910ecb5c01e9f1763060770\"\u003e\u003ccode\u003e8ff7c7f\u003c/code\u003e\u003c/a\u003e fix: footer parser does not escape special chars for regex \u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4560\"\u003e#4560\u003c/a\u003e (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4634\"\u003e#4634\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.2/@commitlint/cli\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/prompt` from 20.4.0 to 20.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/prompt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/prompt/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCore \u0026amp; co\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: deps and CI improvements by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4660\"\u003econventional-changelog/commitlint#4660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore push on all branches, avoid duplicate runs by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4665\"\u003econventional-changelog/commitlint#4665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(resolve-extends): always resolve extended parser presets for proper merging by \u003ca href=\"https://github.com/omar-y-abdi\"\u003e\u003ccode\u003e@​omar-y-abdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4647\"\u003econventional-changelog/commitlint#4647\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/prompt/CHANGELOG.md\"\u003e@​commitlint/prompt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.3...v20.4.4\"\u003e20.4.4\u003c/a\u003e (2026-03-12)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.2...v20.4.3\"\u003e20.4.3\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.1...v20.4.2\"\u003e20.4.2\u003c/a\u003e (2026-02-19)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.0...v20.4.1\"\u003e20.4.1\u003c/a\u003e (2026-02-02)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7918e9cf70f822505cb4422c03150a86f802627\"\u003e\u003ccode\u003ea7918e9\u003c/code\u003e\u003c/a\u003e v20.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/02d7245e9b204ed07a68298e4d73c8d82a4b7f81\"\u003e\u003ccode\u003e02d7245\u003c/code\u003e\u003c/a\u003e v20.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7469817974796a6e89f55911bb66b7bffa44099\"\u003e\u003ccode\u003ea746981\u003c/code\u003e\u003c/a\u003e v20.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/81cfc9e5e9d452b68b5809e57196ca0c03fd7b85\"\u003e\u003ccode\u003e81cfc9e\u003c/code\u003e\u003c/a\u003e v20.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/e7ae28d1f71299cedcafe3360f376c93800b283a\"\u003e\u003ccode\u003ee7ae28d\u003c/code\u003e\u003c/a\u003e v20.4.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.2/@commitlint/prompt\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/load` from 20.5.0 to 20.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/load's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003e20.5.3\u003c/a\u003e (2026-04-30)\u003c/h2\u003e\n\u003ch2\u003eRefactor\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace all lodash.* dependencies with es-toolkit/compat by \u003ca href=\"https://github.com/debuggingfuture\"\u003e\u003ccode\u003e@​debuggingfuture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4734\"\u003econventional-changelog/commitlint#4734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: use nodejs commands for creating files on Windows (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4728\"\u003e#4728\u003c/a\u003e) by \u003ca href=\"https://github.com/festoney8\"\u003e\u003ccode\u003e@​festoney8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4730\"\u003econventional-changelog/commitlint#4730\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/festoney8\"\u003e\u003ccode\u003e@​festoney8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4730\"\u003econventional-changelog/commitlint#4730\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/debuggingfuture\"\u003e\u003ccode\u003e@​debuggingfuture\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4734\"\u003econventional-changelog/commitlint#4734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/load/CHANGELOG.md\"\u003e@​commitlint/load's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003e20.5.3\u003c/a\u003e (2026-04-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/load\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/load\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/31e959a3d17d4403f1142f825c43cccf2e0f7dc4\"\u003e\u003ccode\u003e31e959a\u003c/code\u003e\u003c/a\u003e v20.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/e3d2c9dfe74b7d9be87019a28920c44818dd364d\"\u003e\u003ccode\u003ee3d2c9d\u003c/code\u003e\u003c/a\u003e refactor: replace all lodash.* dependencies with es-toolkit/compat (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4734\"\u003e#4734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/029aceda8e7876f2020c5e636c361517bd025d61\"\u003e\u003ccode\u003e029aced\u003c/code\u003e\u003c/a\u003e chore: update dependency typescript to v6 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4697\"\u003e#4697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/load\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/resolve-extends` from 20.5.0 to 20.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/resolve-extends's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"...\n\n_Description has been truncated_","html_url":"https://github.com/Cognigy/Cognigy-CLI/pull/493","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cognigy%2FCognigy-CLI/issues/493","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/493/packages"},{"uuid":"4339481916","node_id":"PR_kwDOJaX2Zs7WJWgb","number":402,"state":"closed","title":"Bump @actions/http-client from 3.0.2 to 4.0.1","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-12T23:04:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T23:32:02.000Z","updated_at":"2026-06-12T23:04:28.000Z","time_to_close":3972744,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"3.0.2","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 3.0.2 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=3.0.2\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.","html_url":"https://github.com/rubygems/configure-rubygems-credentials/pull/402","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fconfigure-rubygems-credentials/issues/402","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/402/packages"},{"uuid":"4319383228","node_id":"PR_kwDOLFLYxM7VJnzs","number":950,"state":"closed","title":"Bump the npm-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-07T23:05:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T23:05:23.000Z","updated_at":"2026-05-07T23:05:43.000Z","time_to_close":1209618,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm-dependencies","update_count":9,"packages":[{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/github","old_version":"9.0.0","new_version":"9.1.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/glob","old_version":"0.6.1","new_version":"0.7.0","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@types/node","old_version":"25.5.0","new_version":"25.6.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"8.58.0","new_version":"8.59.0","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"eslint","old_version":"10.1.0","new_version":"10.2.1","repository_url":"https://github.com/eslint/eslint"},{"name":"globals","old_version":"17.4.0","new_version":"17.5.0","repository_url":"https://github.com/sindresorhus/globals"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm-dependencies group with 9 updates in the /sources directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `9.0.0` | `9.1.1` |\n| [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) | `0.6.1` | `0.7.0` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `4.0.0` | `4.0.1` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.6.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.58.0` | `8.59.0` |\n| [eslint](https://github.com/eslint/eslint) | `10.1.0` | `10.2.1` |\n| [globals](https://github.com/sindresorhus/globals) | `17.4.0` | `17.5.0` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e\u003ccode\u003e@​actions/core\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/github` from 9.0.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md\"\u003e\u003ccode\u003e@​actions/github\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e9.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2346\"\u003e#2346\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e9.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppend \u003ccode\u003eactions_orchestration_id\u003c/code\u003e to user-agent when the \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is set \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2364\"\u003e#2364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/github\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/glob` from 0.6.1 to 0.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md\"\u003e\u003ccode\u003e@​actions/glob\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e from \u003ccode\u003e^3.0.4\u003c/code\u003e to \u003ccode\u003e^10.2.5\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2355\"\u003e#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2345\"\u003e#2345\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003ebrace-expansion\u003c/code\u003e in \u003ccode\u003e/packages/glob\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2369\"\u003e#2369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/glob\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 25.5.0 to 25.6.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/eslint-plugin` from 8.58.0 to 8.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e\u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.0\u003c/h2\u003e\n\u003ch2\u003e8.59.0 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-type-assertion] report more cases based on assignability (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11789\"\u003e#11789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUlrich Stark\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.0\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003ev8.58.2\u003c/h2\u003e\n\u003ch2\u003e8.58.2 (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove tsbuildinfo cache file from published packages (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-condition] use assignability checks in checkTypePredicates (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12147\"\u003e#12147\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAbhijeet Singh \u003ca href=\"https://github.com/cseas\"\u003e\u003ccode\u003e@​cseas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e송재욱\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.2\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003ev8.58.1\u003c/h2\u003e\n\u003ch2\u003e8.58.1 (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unused-vars] fix false negative for type predicate parameter (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12004\"\u003e#12004\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinJae \u003ca href=\"https://github.com/Ju-MINJAE\"\u003e\u003ccode\u003e@​Ju-MINJAE\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md\"\u003e\u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.0 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-type-assertion] report more cases based on assignability (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11789\"\u003e#11789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUlrich Stark\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.0\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003e8.58.2 (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-condition] use assignability checks in checkTypePredicates (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12147\"\u003e#12147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove tsbuildinfo cache file from published packages (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAbhijeet Singh \u003ca href=\"https://github.com/cseas\"\u003e\u003ccode\u003e@​cseas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e송재욱\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.2\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003e8.58.1 (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unused-vars] fix false negative for type predicate parameter (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12004\"\u003e#12004\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinJae \u003ca href=\"https://github.com/Ju-MINJAE\"\u003e\u003ccode\u003e@​Ju-MINJAE\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/ea9ae4f8817873480e3501145059f63e39e8d8a1\"\u003e\u003ccode\u003eea9ae4f\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/cfca5506346503830ce348aabe8e82fe28a8e687\"\u003e\u003ccode\u003ecfca550\u003c/code\u003e\u003c/a\u003e feat(eslint-plugin): [no-unnecessary-type-assertion] report more cases based ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/6d599b4769e22ed634236980d7da1e23e3f073a6\"\u003e\u003ccode\u003e6d599b4\u003c/code\u003e\u003c/a\u003e chore(eslint-plugin): switch auto-generated test cases to hand-written in ret...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/33c81691ec8f240209d8662dd2ca72602731e5b0\"\u003e\u003ccode\u003e33c8169\u003c/code\u003e\u003c/a\u003e chore: fix cspell violations in code blocks (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12167\"\u003e#12167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/90c2803a4c250e0343598d41e973f95e743bf4ce\"\u003e\u003ccode\u003e90c2803\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.58.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/7c9e06f669065bfb24b66c1f2bfb05ae2b512c09\"\u003e\u003ccode\u003e7c9e06f\u003c/code\u003e\u003c/a\u003e fix(eslint-plugin): [no-unnecessary-condition] use assignability checks in ch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/dae173267fe3a549417de802be00af1aeae25059\"\u003e\u003ccode\u003edae1732\u003c/code\u003e\u003c/a\u003e chore(eslint-plugin): switch auto-generated test cases to hand-written in unb...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/be6b49a02d68db9bdc8985e7e9e1598700fda2fa\"\u003e\u003ccode\u003ebe6b49a\u003c/code\u003e\u003c/a\u003e fix: remove tsbuildinfo cache file from published packages (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/5311ed312eadf4e238324f2726ae0b1f3f2206e6\"\u003e\u003ccode\u003e5311ed3\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.58.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/c3f8ed5ddfa757d91911489105bf8b57a16404c9\"\u003e\u003ccode\u003ec3f8ed5\u003c/code\u003e\u003c/a\u003e fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/eslint-plugin\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 10.1.0 to 10.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14be92b6d1fa0923b8923830f2208e5e2705b002\"\u003e\u003ccode\u003e14be92b\u003c/code\u003e\u003c/a\u003e fix: model generator yield resumption paths in code path analysis (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20665\"\u003e#20665\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/84a19d2c32255db6b9cfc08644a607aae6d5cb62\"\u003e\u003ccode\u003e84a19d2\u003c/code\u003e\u003c/a\u003e fix: no-async-promise-executor false positives for shadowed Promise (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20740\"\u003e#20740\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/af764af0ec38225755fbf8a6f207f0c77b595a8d\"\u003e\u003ccode\u003eaf764af\u003c/code\u003e\u003c/a\u003e fix: clarify language and processor validation errors (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20729\"\u003e#20729\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e251b89a38280973e468a4a9386c138f4f55d10d\"\u003e\u003ccode\u003ee251b89\u003c/code\u003e\u003c/a\u003e fix: update eslint (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20715\"\u003e#20715\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e) (Ayush Shukla)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/39771e6e600f0b0617fdeafff6dd07e4211ffde6\"\u003e\u003ccode\u003e39771e6\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/71e04693def2df57268f08f3072a2749df6bf438\"\u003e\u003ccode\u003e71e0469\u003c/code\u003e\u003c/a\u003e docs: fix incomplete JSDoc param description in no-shadow rule (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20728\"\u003e#20728\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22119ceb93e28f62262fc1d98ff1b1442d6e2dbf\"\u003e\u003ccode\u003e22119ce\u003c/code\u003e\u003c/a\u003e docs: clarify scope of for-direction rule with dead code examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20723\"\u003e#20723\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8f3fb77f122a5641d1833cad5d93f3f54fa3be0b\"\u003e\u003ccode\u003e8f3fb77\u003c/code\u003e\u003c/a\u003e docs: document \u003ccode\u003emeta.docs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20718\"\u003e#20718\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/51080eb5c98d619434e4835dbe9f1c6654aca3b8\"\u003e\u003ccode\u003e51080eb\u003c/code\u003e\u003c/a\u003e test: processor service (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20731\"\u003e#20731\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e7e1889fca9b6044e08f41b38df20a1ce45808c8\"\u003e\u003ccode\u003ee7e1889\u003c/code\u003e\u003c/a\u003e chore: remove stale babel-eslint10 fixture and test  (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20727\"\u003e#20727\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4e1a87cb8fb90e309524bc36bc5f31b9f9cfaa76\"\u003e\u003ccode\u003e4e1a87c\u003c/code\u003e\u003c/a\u003e test: remove redundant async/await in flat config array tests (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20722\"\u003e#20722\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/066eabb3643b12931f991594969bcc0028f71a5f\"\u003e\u003ccode\u003e066eabb\u003c/code\u003e\u003c/a\u003e test: add rule metadata coverage for \u003ccode\u003elanguages\u003c/code\u003e and \u003ccode\u003edocs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20717\"\u003e#20717\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/586ec2f43092779acc957866db4abe999112d1e1\"\u003e\u003ccode\u003e586ec2f\u003c/code\u003e\u003c/a\u003e feat: Add \u003ccode\u003emeta.languages\u003c/code\u003e support to rules (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20571\"\u003e#20571\u003c/a\u003e) (Copilot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14207dee3939dc87cfa8b2fcfc271fff2cfd6471\"\u003e\u003ccode\u003e14207de\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eTemporal\u003c/code\u003e to \u003ccode\u003eno-obj-calls\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20675\"\u003e#20675\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/bbb2c93a2b31bd30924f32fe69a9acf41f9dfe35\"\u003e\u003ccode\u003ebbb2c93\u003c/code\u003e\u003c/a\u003e feat: add Temporal to ES2026 globals (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20672\"\u003e#20672\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/542cb3e6442a4e6ee3457c799e2a0ee23bef0c6a\"\u003e\u003ccode\u003e542cb3e\u003c/code\u003e\u003c/a\u003e fix: update first-party dependencies (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20714\"\u003e#20714\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a2af743ea60f683d0e0de9d98267c1e7e4f5e412\"\u003e\u003ccode\u003ea2af743\u003c/code\u003e\u003c/a\u003e docs: add \u003ccode\u003elanguage\u003c/code\u003e to configuration objects (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20712\"\u003e#20712\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/845f23f1370892bf07d819497ac518c9e65090d6\"\u003e\u003ccode\u003e845f23f\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5fbcf5958b897cc4df5d652924d18428db37f7ee\"\u003e\u003ccode\u003e5fbcf59\u003c/code\u003e\u003c/a\u003e docs: remove \u003ccode\u003esourceType\u003c/code\u003e from ts playground link (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20477\"\u003e#20477\u003c/a\u003e) (Tanuj Kanti)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8702a474659be786b6b1392e5e7c0c56355ae4a4\"\u003e\u003ccode\u003e8702a47\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ddeaded2ab36951383ff67c60fb64ec68d29a46a\"\u003e\u003ccode\u003eddeaded\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2b4496691266547784a7f7ad1989ce53381bab91\"\u003e\u003ccode\u003e2b44966\u003c/code\u003e\u003c/a\u003e docs: add Major Releases section to Manage Releases (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20269\"\u003e#20269\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/eab65c700ebb16a6e790910c720450c9908961fd\"\u003e\u003ccode\u003eeab65c7\u003c/code\u003e\u003c/a\u003e docs: update \u003ccode\u003eeslint\u003c/code\u003e versions in examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20664\"\u003e#20664\u003c/a\u003e) (루밀LuMir)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3e4a29903bf31f0998e45ad9128a265bce1edc56\"\u003e\u003ccode\u003e3e4a299\u003c/code\u003e\u003c/a\u003e docs: update ESM Dependencies policies with note for own-usage packages (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20660\"\u003e#20660\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8120e30f833474f47acc061d24d164e9f022264f\"\u003e\u003ccode\u003e8120e30\u003c/code\u003e\u003c/a\u003e refactor: extract no unmodified loop condition (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20679\"\u003e#20679\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/46e8469786be1b2bbb522100e1d44624d98d3745\"\u003e\u003ccode\u003e46e8469\u003c/code\u003e\u003c/a\u003e chore: update dependency markdownlint-cli2 to ^0.22.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20697\"\u003e#20697\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/01ed3aa68477f81a7188e1498cf4906e02015b7c\"\u003e\u003ccode\u003e01ed3aa\u003c/code\u003e\u003c/a\u003e test: add unit tests for unicode utilities (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20622\"\u003e#20622\u003c/a\u003e) (Manish chaudhary)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4d1d8f9737236603f64bbe83d5bb8001627b5611\"\u003e\u003ccode\u003e4d1d8f9\u003c/code\u003e\u003c/a\u003e 10.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3e33105b05d09b5a4eb894ed75a9811fb40d65e6\"\u003e\u003ccode\u003e3e33105\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v10.1.0...v10.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globals` from 17.4.0 to 17.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globals/releases\"\u003eglobals's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate globals (2026-04-12) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/342\"\u003e#342\u003c/a\u003e)  5d84602\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\"\u003ehttps://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/b8170c8e1d648291b613c5b39a69652c796fa36c\"\u003e\u003ccode\u003eb8170c8\u003c/code\u003e\u003c/a\u003e 17.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/5d846029679832931f38ced6381cc95bcb9abd80\"\u003e\u003ccode\u003e5d84602\u003c/code\u003e\u003c/a\u003e Update globals (2026-04-12) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/342\"\u003e#342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/1b727e5f4cc39121b8e77b9f27574a8ca27391fc\"\u003e\u003ccode\u003e1b727e5\u003c/code\u003e\u003c/a\u003e Fix build script for ES globals (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| @types/node | [\u003e= 22.a, \u003c 23] |\n\u003c/details\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/gradle/actions/pull/950","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gradle%2Factions/issues/950","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/950/packages"},{"uuid":"4310556945","node_id":"PR_kwDOL8eYqM7Us2Up","number":207,"state":"closed","title":"chore: bump @actions/http-client from 4.0.0 to 4.0.1","user":"dependabot[bot]","labels":["dependencies","javascript","Stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-30T00:43:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T16:54:19.000Z","updated_at":"2026-05-30T00:43:45.000Z","time_to_close":3224964,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/camptocamp/setup-dagger/pull/207","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fsetup-dagger/issues/207","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/207/packages"},{"uuid":"4306946248","node_id":"PR_kwDOFMsDj87UhA8N","number":987,"state":"closed","title":"Bump @actions/http-client from 4.0.0 to 4.0.1 in /action","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-22T05:48:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T05:42:42.000Z","updated_at":"2026-04-22T05:48:10.000Z","time_to_close":326,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":"/action","ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fuller-inc/actions-aws-assume-role/pull/987","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuller-inc%2Factions-aws-assume-role/issues/987","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/987/packages"},{"uuid":"4306636746","node_id":"PR_kwDOIiHw087UgBYD","number":13,"state":"open","title":"build(deps): bump @actions/http-client from 2.2.1 to 4.0.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-22T04:07:01.000Z","updated_at":"2026-04-22T04:07:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"@actions/http-client","old_version":"2.2.1","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where proxy username and password were not handled correctly \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1799\"\u003e#1799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBetter handling of url encoded usernames and passwords in proxy config \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1782\"\u003e#1782\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=2.2.1\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/go-gremlins_gremlins-action/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fgo-gremlins_gremlins-action/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4270728031","node_id":"PR_kwDOD3bUds7Suize","number":3833,"state":"closed","title":"Bump @actions/http-client from 3.0.2 to 4.0.0","user":"dependabot[bot]","labels":["size/XS"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-16T10:48:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T17:58:46.000Z","updated_at":"2026-04-16T10:48:39.000Z","time_to_close":60583,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"3.0.2","new_version":"4.0.0","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 3.0.2 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=3.0.2\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/github/codeql-action/pull/3833","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/issues/3833","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3833/packages"},{"uuid":"4143418868","node_id":"PR_kwDOQAiyM87Nsza5","number":147,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-26T12:26:02.000Z","updated_at":"2026-03-26T12:26:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.18.2","new_version":"7.24.6"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.1","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.18.2 to 7.24.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFormdata tests by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4902\"\u003enodejs/undici#4902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: add unexpected disconnect guards to more client test files by \u003ca href=\"https://github.com/samayer12\"\u003e\u003ccode\u003e@​samayer12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4844\"\u003enodejs/undici#4844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): only apply 1-year deleteAt for immutable responses by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4913\"\u003enodejs/undici#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4913\"\u003enodejs/undici#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.4...v7.24.5\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.4...v7.24.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fetch): handle URL credentials in dispatch path extraction by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4892\"\u003enodejs/undici#4892\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.3...v7.24.4\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.3...v7.24.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(h2): TypeError: Cannot read properties of null (reading 'push') i… by \u003ca href=\"https://github.com/hxinhan\"\u003e\u003ccode\u003e@​hxinhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4881\"\u003enodejs/undici#4881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.2...v7.24.3\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.2...v7.24.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/38eab360daff8f72927dd6083e755ca37d6d624e\"\u003e\u003ccode\u003e38eab36\u003c/code\u003e\u003c/a\u003e Bumped v7.24.6 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/993609d269b0eca935eff67e6ecec33fcebad7c3\"\u003e\u003ccode\u003e993609d\u003c/code\u003e\u003c/a\u003e test: auto-init WPT submodule (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1eacc49375c43b70c0da9b68bd8186b3ece16ce2\"\u003e\u003ccode\u003e1eacc49\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump typescript from 5.9.3 to 6.0.2 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4926\"\u003e#4926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/b64e7e45cd805e245ccf1f2561a843fa431e2d49\"\u003e\u003ccode\u003eb64e7e4\u003c/code\u003e\u003c/a\u003e fix: avoid prototype collisions in parseHeaders (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4923\"\u003e#4923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/deba679002094a77405e35d8003fb4c2e0948ca5\"\u003e\u003ccode\u003edeba679\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: assume http/https scheme for scheme-less proxy env vars (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4914\"\u003e#4914\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/feef62bfe0b48662f71b17204b9d9fc8a6d96df7\"\u003e\u003ccode\u003efeef62b\u003c/code\u003e\u003c/a\u003e fix: support Connection header with connection-specific header names per RFC ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a613d9adb0fbf7ed726390a9f553ecfe3343b10b\"\u003e\u003ccode\u003ea613d9a\u003c/code\u003e\u003c/a\u003e docs: clarify fetch and FormData pairing (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4922\"\u003e#4922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ba99a3941649cd1f90495dc0715649c72a307db\"\u003e\u003ccode\u003e2ba99a3\u003c/code\u003e\u003c/a\u003e fix: wrap kConnector call in try/catch to prevent client hang (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4834\"\u003e#4834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a7398c0e881ebc8d8799b0260187ef50970260a8\"\u003e\u003ccode\u003ea7398c0\u003c/code\u003e\u003c/a\u003e fix(cache): check Authorization on request headers per RFC 9111 §3.5 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2b2afbc0d4d73e548f3b91c9f6ae5cbb166240a0\"\u003e\u003ccode\u003e2b2afbc\u003c/code\u003e\u003c/a\u003e fix: assume http/https scheme for scheme-less proxy env vars (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4914\"\u003e#4914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.18.2...v7.24.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.1 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ooples/token-optimizer-mcp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ooples/token-optimizer-mcp/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ooples%2Ftoken-optimizer-mcp/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"},{"uuid":"4092743320","node_id":"PR_kwDOIiHw087LbBqp","number":7,"state":"open","title":"build(deps): bump @actions/http-client from 2.2.1 to 4.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-18T05:03:27.000Z","updated_at":"2026-03-18T05:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"@actions/http-client","old_version":"2.2.1","new_version":"4.0.0","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where proxy username and password were not handled correctly \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1799\"\u003e#1799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBetter handling of url encoded usernames and passwords in proxy config \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1782\"\u003e#1782\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=2.2.1\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/go-gremlins_gremlins-action/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fgo-gremlins_gremlins-action/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"},{"uuid":"4080829480","node_id":"PR_kwDOLb0qOM7K1lGC","number":322,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-16T07:52:31.000Z","updated_at":"2026-03-16T07:52:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.1"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 5.29.0 to 6.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/deriv-com/deriv-api-docs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/deriv-com/deriv-api-docs/pull/322","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/deriv-com%2Fderiv-api-docs/issues/322","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/322/packages"},{"uuid":"4075584237","node_id":"PR_kwDOG05L2s7Kl6Es","number":18,"state":"closed","title":"build(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T08:01:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T11:26:31.000Z","updated_at":"2026-04-03T08:01:57.000Z","time_to_close":1715724,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.1"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"2.2.3","new_version":"4.0.0"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) to 6.24.1 and updates ancestor dependency [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies need to be updated together.\n\nUpdates `undici` from 5.29.0 to 6.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 2.2.3 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/minchao/setup-gator/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/minchao%2Fsetup-gator/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"},{"uuid":"4075514707","node_id":"PR_kwDOQ_QSpc7Klr0_","number":16,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T11:00:40.000Z","updated_at":"2026-03-14T11:00:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.19.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.1","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.19.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.19.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.1 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mearman/typecheck-files/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Mearman/typecheck-files/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mearman%2Ftypecheck-files/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4075460636","node_id":"PR_kwDOE_PZTs7KlgrW","number":452,"state":"closed","title":"fix: bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-18T08:43:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T10:39:57.000Z","updated_at":"2026-04-18T08:43:57.000Z","time_to_close":3017031,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/VaclavObornik/mongodash/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/VaclavObornik/mongodash/pull/452","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaclavObornik%2Fmongodash/issues/452","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/452/packages"},{"uuid":"4075393162","node_id":"PR_kwDODifb8c7KlS3Y","number":1539,"state":"open","title":"fix(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","npm"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T10:10:47.000Z","updated_at":"2026-03-14T10:10:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kronos-Integration/service-swarm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Kronos-Integration/service-swarm/pull/1539","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kronos-Integration%2Fservice-swarm/issues/1539","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1539/packages"},{"uuid":"4075379208","node_id":"PR_kwDOLwOcvs7KlQO1","number":320,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T10:04:37.000Z","updated_at":"2026-03-14T10:04:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/deriv-com/webflow-deriv-com-scripts/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/deriv-com/webflow-deriv-com-scripts/pull/320","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/deriv-com%2Fwebflow-deriv-com-scripts/issues/320","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/320/packages"},{"uuid":"4075161496","node_id":"PR_kwDOQtTXfs7KkjXf","number":8,"state":"closed","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript","released"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T08:41:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T08:37:07.000Z","updated_at":"2026-04-26T10:58:14.000Z","time_to_close":605076,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/angristan/codex-wakatime/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/angristan/codex-wakatime/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/angristan%2Fcodex-wakatime/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4075124336","node_id":"PR_kwDOQuu9v87KkbpH","number":3,"state":"closed","title":"build(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-14T09:32:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T08:22:33.000Z","updated_at":"2026-03-14T09:32:32.000Z","time_to_close":4198,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.0"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 5.29.0 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RehabAbotalep/close-sub-issues-action/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RehabAbotalep/close-sub-issues-action/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RehabAbotalep%2Fclose-sub-issues-action/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"},{"uuid":"4075117437","node_id":"PR_kwDOA0MfWM7KkaOQ","number":517,"state":"open","title":"refactor: Bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T08:19:24.000Z","updated_at":"2026-03-29T03:01:30.144Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"refactor","packages":[{"name":"Bump undici"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.20.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.20.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.20.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/parse-community/parse-server-push-adapter/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/parse-community/parse-server-push-adapter/pull/517","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/parse-community%2Fparse-server-push-adapter/issues/517","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/517/packages"}],"issue_packages":[{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-25T00:36:43.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4513473979","node_id":"PR_kwDOPW2a187e3bPk","number":148,"state":"open","title":"Bump @actions/http-client from 4.0.0 to 4.0.1","user":"dependabot[bot]","labels":["chore","dependencies","javascript","bump-patch"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-25T00:36:43.000Z","updated_at":"2026-05-25T00:38:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/ryanmab/incident-io-alert/pull/148","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ryanmab%2Fincident-io-alert/issues/148","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/148/packages"}},{"old_version":"2.2.3","new_version":"4.0.1","update_type":"major","path":null,"pr_created_at":"2026-05-15T05:25:25.000Z","version_change":"2.2.3 → 4.0.1","issue":{"uuid":"4451493916","node_id":"PR_kwDOSP8NMc7byvaO","number":23,"state":"open","title":"chore(deps): bump the github-action-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-15T05:25:25.000Z","updated_at":"2026-05-15T05:27:15.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-action-dependencies","update_count":9,"packages":[{"name":"@actions/core","old_version":"1.11.1","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"2.2.3","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@types/node","old_version":"20.19.39","new_version":"25.8.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"8.59.2","new_version":"8.59.3","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"eslint","old_version":"8.57.1","new_version":"10.3.0","repository_url":"https://github.com/eslint/eslint"},{"name":"jest","old_version":"29.7.0","new_version":"30.4.2","repository_url":"https://github.com/jestjs/jest"},{"name":"@types/jest","old_version":"29.5.14","new_version":"30.0.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"typescript","old_version":"5.9.3","new_version":"6.0.3","repository_url":"https://github.com/microsoft/TypeScript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the github-action-dependencies group with 8 updates in the /packages/github-action directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `1.11.1` | `3.0.1` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `2.2.3` | `4.0.1` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.19.39` | `25.8.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.59.2` | `8.59.3` |\n| [eslint](https://github.com/eslint/eslint) | `8.57.1` | `10.3.0` |\n| [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `29.7.0` | `30.4.2` |\n| [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) | `29.5.14` | `30.0.0` |\n| [typescript](https://github.com/microsoft/TypeScript) | `5.9.3` | `6.0.3` |\n\n\nUpdates `@actions/core` from 1.11.1 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/http-client\u003c/code\u003e to \u003ccode\u003e3.0.2\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/exec\u003c/code\u003e from 1.1.1 to 2.0.0 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2199\"\u003e#2199\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 2.0.1 to 3.0.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/core\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 2.2.3 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 20.19.39 to 25.8.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/eslint-plugin` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e@​typescript-eslint/eslint-plugin's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md\"\u003e@​typescript-eslint/eslint-plugin's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for eslint-plugin to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/e26dc8003ababf078aad4df17765ee4cea30644c\"\u003e\u003ccode\u003ee26dc80\u003c/code\u003e\u003c/a\u003e docs: update stale links to latest (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12313\"\u003e#12313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/eslint-plugin\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/parser` from 8.59.2 to 8.59.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e@​typescript-eslint/parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.3\u003c/h2\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md\"\u003e@​typescript-eslint/parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.3 (2026-05-11)\u003c/h2\u003e\n\u003cp\u003eThis was a version bump only for parser to align it with other projects, there were no code changes.\u003c/p\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.3\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/48e13c0261e3cb1bf4f4dfaa462cdb3a56ef7383\"\u003e\u003ccode\u003e48e13c0\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/44f9625336841a8ee3eb01a9e02e49b1d7b12648\"\u003e\u003ccode\u003e44f9625\u003c/code\u003e\u003c/a\u003e chore(deps): update vitest monorepo to v4.1.5 (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser/issues/12307\"\u003e#12307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/parser\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 8.57.1 to 10.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.3.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/379571a975f2b24d88037b9de2e72ec61d004130\"\u003e\u003ccode\u003e379571a\u003c/code\u003e\u003c/a\u003e feat: add suggestions for no-unused-private-class-members (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20773\"\u003e#20773\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6ae5cf07b9b51802367539cb24b245b61eaa37c\"\u003e\u003ccode\u003eb6ae5cf\u003c/code\u003e\u003c/a\u003e fix: handle unavailable require cache (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20812\"\u003e#20812\u003c/a\u003e) (Simon Podlipsky)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6fb3685bcbe9a6f72fd7dfb9129686b6fb96b0bd\"\u003e\u003ccode\u003e6fb3685\u003c/code\u003e\u003c/a\u003e fix: rule suggestions cause continuation in class body (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20787\"\u003e#20787\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/32cc7ab4ec653ce89da92deb5c40a9f4fc707fe5\"\u003e\u003ccode\u003e32cc7ab\u003c/code\u003e\u003c/a\u003e docs: fix typos in docs and comments (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20809\"\u003e#20809\u003c/a\u003e) (Tanuj Kanti)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7f479376a2fa463d823ab762db6bb37ce8d2ee8f\"\u003e\u003ccode\u003e7f47937\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d32235ec19ceea211fa86452afa383ca05f5c2f9\"\u003e\u003ccode\u003ed32235e\u003c/code\u003e\u003c/a\u003e ci: use pnpm in \u003ccode\u003eeslint-flat-config-utils\u003c/code\u003e type integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20826\"\u003e#20826\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3ffb14ea517de750ed1181579ef844af342e4096\"\u003e\u003ccode\u003e3ffb14e\u003c/code\u003e\u003c/a\u003e chore: clean up typos in comments and JSDoc (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20821\"\u003e#20821\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22eb58a21cbde2fbd53a1fae99453d408672de50\"\u003e\u003ccode\u003e22eb58a\u003c/code\u003e\u003c/a\u003e chore: add missing continue-on-error to ecosystem-tests.yml (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20818\"\u003e#20818\u003c/a\u003e) (Josh Goldberg ✨)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/88bf0024cb36caebf2880516d9a1f81aa75dafe2\"\u003e\u003ccode\u003e88bf002\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20815\"\u003e#20815\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/97c8c330beae9557ad24e19f94eebc8d08d1a722\"\u003e\u003ccode\u003e97c8c33\u003c/code\u003e\u003c/a\u003e chore: update ilshidur/action-discord action to v0.4.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20811\"\u003e#20811\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2f58136dd47364a4cae7054a64f7bf1e79693813\"\u003e\u003ccode\u003e2f58136\u003c/code\u003e\u003c/a\u003e chore: pin peter-evans/create-pull-request action to 5f6978f (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20810\"\u003e#20810\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/77add7f1bc91ed17bba3be3289928a9146c5f5a1\"\u003e\u003ccode\u003e77add7f\u003c/code\u003e\u003c/a\u003e chore: add initial ecosystem plugin tests workflow (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/19643\"\u003e#19643\u003c/a\u003e) (Josh Goldberg ✨)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4023b55490fae55e464fe35530ef038cdf5d79a5\"\u003e\u003ccode\u003e4023b55\u003c/code\u003e\u003c/a\u003e test: Add unit tests for SuppressionsService.prune() (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20797\"\u003e#20797\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/54080dad4f77bb39a1a843933d4ff3a2b7c175e2\"\u003e\u003ccode\u003e54080da\u003c/code\u003e\u003c/a\u003e test: add unit tests for ForkContext (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20778\"\u003e#20778\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/f0e2bcc4bf19253aaebfbd7df87824b0ca4a151f\"\u003e\u003ccode\u003ef0e2bcc\u003c/code\u003e\u003c/a\u003e test: add unit tests for SuppressionsService.suppress() method (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20765\"\u003e#20765\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a7f0b94743a99bcdf8d07cff15ffbfa6a6c5f927\"\u003e\u003ccode\u003ea7f0b94\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20782\"\u003e#20782\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7bf93d9e79f6dbf77242cbb9a9b8be834730fccd\"\u003e\u003ccode\u003e7bf93d9\u003c/code\u003e\u003c/a\u003e chore: update TypeScript to v6 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20677\"\u003e#20677\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b42dd72e76e7f90e7f0be9458288d93353052adc\"\u003e\u003ccode\u003eb42dd72\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20781\"\u003e#20781\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2b252be80f362cca7be3326a6dbe958680fdfe9a\"\u003e\u003ccode\u003e2b252be\u003c/code\u003e\u003c/a\u003e test: add unit tests for IdGenerator (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20775\"\u003e#20775\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.2.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14be92b6d1fa0923b8923830f2208e5e2705b002\"\u003e\u003ccode\u003e14be92b\u003c/code\u003e\u003c/a\u003e fix: model generator yield resumption paths in code path analysis (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20665\"\u003e#20665\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/84a19d2c32255db6b9cfc08644a607aae6d5cb62\"\u003e\u003ccode\u003e84a19d2\u003c/code\u003e\u003c/a\u003e fix: no-async-promise-executor false positives for shadowed Promise (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20740\"\u003e#20740\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/af764af0ec38225755fbf8a6f207f0c77b595a8d\"\u003e\u003ccode\u003eaf764af\u003c/code\u003e\u003c/a\u003e fix: clarify language and processor validation errors (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20729\"\u003e#20729\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e251b89a38280973e468a4a9386c138f4f55d10d\"\u003e\u003ccode\u003ee251b89\u003c/code\u003e\u003c/a\u003e fix: update eslint (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20715\"\u003e#20715\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e) (Ayush Shukla)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/39771e6e600f0b0617fdeafff6dd07e4211ffde6\"\u003e\u003ccode\u003e39771e6\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/71e04693def2df57268f08f3072a2749df6bf438\"\u003e\u003ccode\u003e71e0469\u003c/code\u003e\u003c/a\u003e docs: fix incomplete JSDoc param description in no-shadow rule (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20728\"\u003e#20728\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22119ceb93e28f62262fc1d98ff1b1442d6e2dbf\"\u003e\u003ccode\u003e22119ce\u003c/code\u003e\u003c/a\u003e docs: clarify scope of for-direction rule with dead code examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20723\"\u003e#20723\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8f3fb77f122a5641d1833cad5d93f3f54fa3be0b\"\u003e\u003ccode\u003e8f3fb77\u003c/code\u003e\u003c/a\u003e docs: document \u003ccode\u003emeta.docs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20718\"\u003e#20718\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/78892043a36da4aa7640b59c99344b00c181048a\"\u003e\u003ccode\u003e7889204\u003c/code\u003e\u003c/a\u003e 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5b69b4fce4dc407c8e960eba638b5a3409c4f1fd\"\u003e\u003ccode\u003e5b69b4f\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/d32235ec19ceea211fa86452afa383ca05f5c2f9\"\u003e\u003ccode\u003ed32235e\u003c/code\u003e\u003c/a\u003e ci: use pnpm in \u003ccode\u003eeslint-flat-config-utils\u003c/code\u003e type integration test (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20826\"\u003e#20826\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/b6ae5cf07b9b51802367539cb24b245b61eaa37c\"\u003e\u003ccode\u003eb6ae5cf\u003c/code\u003e\u003c/a\u003e fix: handle unavailable require cache (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20812\"\u003e#20812\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3ffb14ea517de750ed1181579ef844af342e4096\"\u003e\u003ccode\u003e3ffb14e\u003c/code\u003e\u003c/a\u003e chore: clean up typos in comments and JSDoc (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20821\"\u003e#20821\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/6fb3685bcbe9a6f72fd7dfb9129686b6fb96b0bd\"\u003e\u003ccode\u003e6fb3685\u003c/code\u003e\u003c/a\u003e fix: rule suggestions cause continuation in class body (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20787\"\u003e#20787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22eb58a21cbde2fbd53a1fae99453d408672de50\"\u003e\u003ccode\u003e22eb58a\u003c/code\u003e\u003c/a\u003e chore: add missing continue-on-error to ecosystem-tests.yml (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20818\"\u003e#20818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/88bf0024cb36caebf2880516d9a1f81aa75dafe2\"\u003e\u003ccode\u003e88bf002\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20815\"\u003e#20815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/379571a975f2b24d88037b9de2e72ec61d004130\"\u003e\u003ccode\u003e379571a\u003c/code\u003e\u003c/a\u003e feat: add suggestions for no-unused-private-class-members (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20773\"\u003e#20773\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/97c8c330beae9557ad24e19f94eebc8d08d1a722\"\u003e\u003ccode\u003e97c8c33\u003c/code\u003e\u003c/a\u003e chore: update ilshidur/action-discord action to v0.4.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20811\"\u003e#20811\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v8.57.1...v10.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jest` from 29.7.0 to 30.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/releases\"\u003ejest's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev30.4.2\u003c/h2\u003e\n\u003ch1\u003eFixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.1...v30.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.1\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\"\u003ehttps://github.com/jestjs/jest/compare/v30.4.0...v30.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev30.4.0\u003c/h2\u003e\n\u003cp\u003eBig release! 😀\u003c/p\u003e\n\u003cp\u003eMain feature is a rewrite of our custom runtime in preparation for stabilisation of native support of ESM. As part of that work \u003ccode\u003erequire(esm)\u003c/code\u003e module is now supported on Node 24.9+ (still requires \u003ccode\u003e--experimental-vm-modules\u003c/code\u003e like before).\u003c/p\u003e\n\u003cp\u003eIn addition we now support fake timers for the recently released \u003ccode\u003eTemporal\u003c/code\u003e API in Node v26.\u003c/p\u003e\n\u003cp\u003eReact 19 is also supported properly in \u003ccode\u003epretty-format\u003c/code\u003e, meaning snapshots of React components now work like they should.\u003c/p\u003e\n\u003cp\u003eDue to all the changes, there might be regressions that snuck in. Please report them!\u003c/p\u003e\n\u003cp\u003eFull list of changes below\u003c/p\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jestjs/jest/blob/main/CHANGELOG.md\"\u003ejest's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e30.4.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Fix named imports from CJS modules whose \u003ccode\u003emodule.exports\u003c/code\u003e is a function with own-property exports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16150\"\u003e#16150\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.1\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-runner, jest-schemas, jest-types]\u003c/code\u003e Allow custom runner configuration options via tuple format \u003ccode\u003e['runner-path', {options}]\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16141\"\u003e#16141\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Align CJS-from-ESM default export with Node: \u003ccode\u003emodule.exports\u003c/code\u003e is always the ESM default, \u003ccode\u003e__esModule\u003c/code\u003e unwrapping is no longer applied (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16143\"\u003e#16143\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e30.4.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[babel-jest]\u003c/code\u003e Support collecting coverage from \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e (and other) files (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15994\"\u003e#15994\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-cli, jest-config, jest-core, jest-jasmine2, jest-types]\u003c/code\u003e Add \u003ccode\u003e--collect-tests\u003c/code\u003e flag to discover and list tests without executing them (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16006\"\u003e#16006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-runner, jest-worker]\u003c/code\u003e Add \u003ccode\u003eworkerGracefulExitTimeout\u003c/code\u003e config option to control how long workers are given to exit before being force-killed (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15984\"\u003e#15984\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Add support for \u003ccode\u003ejest.config.mts\u003c/code\u003e as a valid configuration file (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16005\"\u003e#16005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config, jest-core, jest-reporters, jest-runner]\u003c/code\u003e \u003ccode\u003everbose\u003c/code\u003e and \u003ccode\u003esilent\u003c/code\u003e can now be set per-project; the project-level value overrides the global value for that project's tests (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16133\"\u003e#16133\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Duration\u003c/code\u003e in \u003ccode\u003ejest.advanceTimersByTime()\u003c/code\u003e and \u003ccode\u003ejest.advanceTimersByTimeAsync()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Accept \u003ccode\u003eTemporal.Instant\u003c/code\u003e and \u003ccode\u003eTemporal.ZonedDateTime\u003c/code\u003e in \u003ccode\u003ejest.setSystemTime()\u003c/code\u003e and \u003ccode\u003euseFakeTimers({now})\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16128\"\u003e#16128\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/fake-timers]\u003c/code\u003e Support faking \u003ccode\u003eTemporal.Now.*\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16131\"\u003e#16131\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-mock]\u003c/code\u003e Add \u003ccode\u003eclearMocksOnScope(scope)\u003c/code\u003e on \u003ccode\u003eModuleMocker\u003c/code\u003e for clearing every mock function exposed on a scope object (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16088\"\u003e#16088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-resolve]\u003c/code\u003e Add \u003ccode\u003ecanResolveSync()\u003c/code\u003e on \u003ccode\u003eResolver\u003c/code\u003e so callers can detect when a user-configured resolver only exports an \u003ccode\u003easync\u003c/code\u003e hook (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16064\"\u003e#16064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Use synchronous \u003ccode\u003eevaluate()\u003c/code\u003e for ES modules without top-level \u003ccode\u003eawait\u003c/code\u003e on Node versions that support it (v24.9+), and prefer the synchronous transform path when a sync transformer is configured (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Support \u003ccode\u003erequire()\u003c/code\u003e of ES modules on Node v24.9+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16074\"\u003e#16074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-runtime]\u003c/code\u003e Validate TC39 import attributes (\u003ccode\u003ewith { type: 'json' }\u003c/code\u003e) on ESM imports (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16127\"\u003e#16127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/transform]\u003c/code\u003e Add \u003ccode\u003ecanTransformSync(filename)\u003c/code\u003e on \u003ccode\u003eScriptTransformer\u003c/code\u003e so callers can pick the sync vs async transform path (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16062\"\u003e#16062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-util]\u003c/code\u003e Add \u003ccode\u003eisError\u003c/code\u003e helper (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16076\"\u003e#16076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[pretty-format]\u003c/code\u003e Support React 19 (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16123\"\u003e#16123\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e[expect-utils]\u003c/code\u003e Fix \u003ccode\u003etoStrictEqual\u003c/code\u003e failing on \u003ccode\u003estructuredClone\u003c/code\u003e results due to cross-realm constructor mismatch (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15959\"\u003e#15959\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[@jest/expect-utils]\u003c/code\u003e Prevent \u003ccode\u003etoMatchObject\u003c/code\u003e/subset matching from throwing when encountering exotic iterables (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15952\"\u003e#15952\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[fake-timers]\u003c/code\u003e Convert \u003ccode\u003eDate\u003c/code\u003e to milliseconds before passing to \u003ccode\u003e@sinonjs/fake-timers\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16029\"\u003e#16029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest]\u003c/code\u003e Export \u003ccode\u003eGlobalConfig\u003c/code\u003e and \u003ccode\u003eProjectConfig\u003c/code\u003e TypeScript types (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus]\u003c/code\u003e Prevent crash when \u003ccode\u003easyncError\u003c/code\u003e is undefined for non-Error throws (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16003\"\u003e#16003\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-circus, jest-jasmine2]\u003c/code\u003e Include \u003ccode\u003eError.cause\u003c/code\u003e in JSON \u003ccode\u003efailureMessages\u003c/code\u003e output (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15967\"\u003e#15967\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Fix preset path resolution on Windows when the preset uses subpath \u003ccode\u003eexports\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/15961\"\u003e#15961\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config without a validation warning (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-config]\u003c/code\u003e Project config validator now emits \u0026quot;is not supported in an individual project configuration\u0026quot; instead of \u0026quot;probably a typing mistake\u0026quot; for known global-only options (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-environment-node]\u003c/code\u003e Fix \u003ccode\u003e--localstorage-file\u003c/code\u003e warning on Node 25+ (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16086\"\u003e#16086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e[jest-reporters]\u003c/code\u003e Apply global coverage threshold to unmatched pattern files in addition to glob/path thresholds (\u003ca href=\"https://redirect.github.com/jestjs/jest/pull/16137\"\u003e#16137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/746f2a0f57c56e3bba555280f0587d40f3db95c0\"\u003e\u003ccode\u003e746f2a0\u003c/code\u003e\u003c/a\u003e v30.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/b3b4a09ed3005369dacc7466d1d2122797283785\"\u003e\u003ccode\u003eb3b4a09\u003c/code\u003e\u003c/a\u003e v30.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/5cbb21e0b3037edb42e503ec1a1ce80efad40c20\"\u003e\u003ccode\u003e5cbb21e\u003c/code\u003e\u003c/a\u003e v30.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/db7141a93cc85fab81cf9c25368e1f2b2c312286\"\u003e\u003ccode\u003edb7141a\u003c/code\u003e\u003c/a\u003e fix: allow \u003ccode\u003ecollectCoverage\u003c/code\u003e and \u003ccode\u003ecoverageProvider\u003c/code\u003e in project config (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/16132\"\u003e#16132\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/efb59c2e81083f8dc941f20d6d20a3af2dc8d068\"\u003e\u003ccode\u003eefb59c2\u003c/code\u003e\u003c/a\u003e v30.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/96c53d30660e51bf76ed2cd1ecc2334c399ac31c\"\u003e\u003ccode\u003e96c53d3\u003c/code\u003e\u003c/a\u003e feat(jest-config): add \u003ccode\u003edefineConfig\u003c/code\u003e and \u003ccode\u003emergeConfig\u003c/code\u003e functions (\u003ca href=\"https://github.com/jestjs/jest/tree/HEAD/packages/jest/issues/15844\"\u003e#15844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/855864e3f9751366455246790be2bf912d4d0dac\"\u003e\u003ccode\u003e855864e\u003c/code\u003e\u003c/a\u003e v30.2.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/da9b532f04632367b0df15a842280501f225b732\"\u003e\u003ccode\u003eda9b532\u003c/code\u003e\u003c/a\u003e v30.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/ebfa31cc9787303e8698a1a029a162a18e8974aa\"\u003e\u003ccode\u003eebfa31c\u003c/code\u003e\u003c/a\u003e v30.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jestjs/jest/commit/d347c0f3f87f976a1dbd9761d503e45f5ced2a7e\"\u003e\u003ccode\u003ed347c0f\u003c/code\u003e\u003c/a\u003e v30.1.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jestjs/jest/commits/v30.4.2/packages/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/jest` from 29.5.14 to 30.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/jest` from 29.5.14 to 30.0.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `typescript` from 5.9.3 to 6.0.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/TypeScript/releases\"\u003etypescript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eTypeScript 6.0.3\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.3%22\"\u003efixed issues query for TypeScript 6.0.3 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0/\"\u003erelease announcement blog post\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22\"\u003efixed issues query for TypeScript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.1%22\"\u003efixed issues query for TypeScript 6.0.1 (RC)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.2%22\"\u003efixed issues query for TypeScript 6.0.2 (Stable)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eTypeScript 6.0 Beta\u003c/h2\u003e\n\u003cp\u003eFor release notes, check out the \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-6-0-beta/\"\u003erelease announcement\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\u0026amp;q=milestone%3A%22TypeScript+6.0.0%22+is%3Aclosed+\"\u003efixed issues query for Typescript 6.0.0 (Beta)\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eDownloads are available on:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/typescript\"\u003enpm\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/050880ce59e30b356b686bd3144efe24f875ebc8\"\u003e\u003ccode\u003e050880c\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.3 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/eeae9dd0f17aa494658e4ec079dc002e02dd625e\"\u003e\u003ccode\u003eeeae9dd\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63401\"\u003e#63401\u003c/a\u003e (Also check package name validity in...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/ad1c695fada682764bb510dd680e8f175ae54094\"\u003e\u003ccode\u003ead1c695\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63368\"\u003e#63368\u003c/a\u003e (Harden ATA package name filtering) into release-6.0 (\u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63372\"\u003e#63372\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/0725fb4664a1d5ec94040b6d94db77dc1cc354e4\"\u003e\u003ccode\u003e0725fb4\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63310\"\u003e#63310\u003c/a\u003e (Mark class property initializers as...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/607a22a90d1a5a1b507ce01bb8cd7ec020f954e7\"\u003e\u003ccode\u003e607a22a\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.2 and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/9e72ab71b575e26795d0d9eac3d2d9957beed17c\"\u003e\u003ccode\u003e9e72ab7\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63239\"\u003e#63239\u003c/a\u003e (Fix missing lib files in reused pro...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/35ff23d4b0cc715691323ebe54f523c16fe6e3a5\"\u003e\u003ccode\u003e35ff23d\u003c/code\u003e\u003c/a\u003e 🤖 Pick PR \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/issues/63163\"\u003e#63163\u003c/a\u003e (Port anyFunctionType subtype fix an...) into release-6.0 (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/e175b69138038953d4e85bf6529afe88d56d8fbe\"\u003e\u003ccode\u003ee175b69\u003c/code\u003e\u003c/a\u003e Bump version to 6.0.1-rc and LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/af4caac0e91e838c46b3fdc1c9afacad68800f89\"\u003e\u003ccode\u003eaf4caac\u003c/code\u003e\u003c/a\u003e Update LKG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/TypeScript/commit/8efd7e8544d8b35c9b33bca44a3124aa2613bf09\"\u003e\u003ccode\u003e8efd7e8\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into release-6.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/77mdias/criptenv/pull/23","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/77mdias%2Fcriptenv/issues/23","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/23/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-05-03T09:18:55.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4371373102","node_id":"PR_kwDOEUDDls7XwHJl","number":493,"state":"open","title":"fix(deps): bump the minor-patch-updates group across 1 directory with 56 updates","user":"dependabot[bot]","labels":["dependencies","npm"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-03T09:18:55.000Z","updated_at":"2026-05-03T09:19:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps): bump","group_name":"minor-patch-updates","update_count":56,"packages":[{"name":"@cognigy/rest-api-client","old_version":"2026.5.0","new_version":"2026.8.0"},{"name":"@langchain/community","old_version":"1.1.14","new_version":"1.1.27","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"@langchain/core","old_version":"1.1.24","new_version":"1.1.41","repository_url":"https://github.com/langchain-ai/langchainjs"},{"name":"fs-extra","old_version":"11.3.3","new_version":"11.3.4","repository_url":"https://github.com/jprichardson/node-fs-extra"},{"name":"inquirer","old_version":"13.2.2","new_version":"13.4.2","repository_url":"https://github.com/SBoudrias/Inquirer.js"},{"name":"mammoth","old_version":"1.11.0","new_version":"1.12.0","repository_url":"https://github.com/mwilliamson/mammoth.js"},{"name":"playwright","old_version":"1.58.2","new_version":"1.59.1","repository_url":"https://github.com/microsoft/playwright"},{"name":"@commitlint/cli","old_version":"20.4.2","new_version":"20.5.2","repository_url":"https://github.com/conventional-changelog/commitlint"},{"name":"@commitlint/prompt","old_version":"20.4.0","new_version":"20.5.2","repository_url":"https://github.com/conventional-changelog/commitlint"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"},{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@mongodb-js/saslprep","old_version":"1.4.6","new_version":"1.4.10","repository_url":"https://github.com/mongodb-js/devtools-shared"},{"name":"@xmldom/xmldom","old_version":"0.8.12","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"baseline-browser-mapping","old_version":"2.10.19","new_version":"2.10.25","repository_url":"https://github.com/web-platform-dx/baseline-browser-mapping"},{"name":"caniuse-lite","old_version":"1.0.30001788","new_version":"1.0.30001791","repository_url":"https://github.com/browserslist/caniuse-lite"},{"name":"electron-to-chromium","old_version":"1.5.336","new_version":"1.5.349","repository_url":"https://github.com/Kilian/electron-to-chromium"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.3","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"ibm-cloud-sdk-core","old_version":"5.4.11","new_version":"5.4.12","repository_url":"https://github.com/IBM/node-sdk-core"},{"name":"jsonfile","old_version":"6.2.0","new_version":"6.2.1","repository_url":"https://github.com/jprichardson/node-jsonfile"},{"name":"langsmith","old_version":"0.5.19","new_version":"0.6.0","repository_url":"https://github.com/langchain-ai/langsmith-sdk"},{"name":"mongoose","old_version":"9.4.1","new_version":"9.6.1","repository_url":"https://github.com/Automattic/mongoose"},{"name":"node-releases","old_version":"2.0.37","new_version":"2.0.38","repository_url":"https://github.com/chicoxyzzy/node-releases"},{"name":"npm","old_version":"11.12.1","new_version":"11.13.0","repository_url":"https://github.com/npm/cli"}],"path":null,"ecosystem":"npm"},"body":"Bumps the minor-patch-updates group with 24 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| @cognigy/rest-api-client | `2026.5.0` | `2026.8.0` |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs) | `1.1.14` | `1.1.27` |\n| [@langchain/core](https://github.com/langchain-ai/langchainjs) | `1.1.24` | `1.1.41` |\n| [fs-extra](https://github.com/jprichardson/node-fs-extra) | `11.3.3` | `11.3.4` |\n| [inquirer](https://github.com/SBoudrias/Inquirer.js) | `13.2.2` | `13.4.2` |\n| [mammoth](https://github.com/mwilliamson/mammoth.js) | `1.11.0` | `1.12.0` |\n| [playwright](https://github.com/microsoft/playwright) | `1.58.2` | `1.59.1` |\n| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.2` | `20.5.2` |\n| [@commitlint/prompt](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/prompt) | `20.4.0` | `20.5.2` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `4.0.0` | `4.0.1` |\n| [@mongodb-js/saslprep](https://github.com/mongodb-js/devtools-shared) | `1.4.6` | `1.4.10` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.12` | `0.8.13` |\n| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.19` | `2.10.25` |\n| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001788` | `1.0.30001791` |\n| [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.336` | `1.5.349` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` |\n| [ibm-cloud-sdk-core](https://github.com/IBM/node-sdk-core) | `5.4.11` | `5.4.12` |\n| [jsonfile](https://github.com/jprichardson/node-jsonfile) | `6.2.0` | `6.2.1` |\n| [langsmith](https://github.com/langchain-ai/langsmith-sdk) | `0.5.19` | `0.6.0` |\n| [mongoose](https://github.com/Automattic/mongoose) | `9.4.1` | `9.6.1` |\n| [node-releases](https://github.com/chicoxyzzy/node-releases) | `2.0.37` | `2.0.38` |\n| [npm](https://github.com/npm/cli) | `11.12.1` | `11.13.0` |\n\n\nUpdates `@cognigy/rest-api-client` from 2026.5.0 to 2026.8.0\n\nUpdates `@langchain/community` from 1.1.14 to 1.1.27\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchainjs/releases\"\u003e@​langchain/community's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.27\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/9270c48d7a95db6e7e2570a7e681c94479a673d0\"\u003e\u003ccode\u003e9270c48\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.38\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.27\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.26\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6933769836fe3cec835588e5f8db9883200865f6\"\u003e\u003ccode\u003e6933769\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/50d5f32fd30cabebf058b1c13255c1daadde6107\"\u003e\u003ccode\u003e50d5f32\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/555299917c90322e25d7671bad2e20c9b104bad6\"\u003e\u003ccode\u003e5552999\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/8331833c93ba907063c9fe28e9f935ed5dfec11c\"\u003e\u003ccode\u003e8331833\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.37\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.4.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.26\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/community\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.25\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies [\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/478652c01cdae0703415febd250b6c2656b36410\"\u003e\u003ccode\u003e478652c\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/3d35eb112b46b36aea80cebe0147e315d03a1d8e\"\u003e\u003ccode\u003e3d35eb1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/bbbfea185c0777ae06df2b24a1a84f941d499c2a\"\u003e\u003ccode\u003ebbbfea1\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/52e501b44ee54ace1889ec9149a3617c4409db51\"\u003e\u003ccode\u003e52e501b\u003c/code\u003e\u003c/a\u003e]:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/openai\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/classic\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.0.25\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.36\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6b914bceb4acd4664b12091770a2ddcbf5d8457e\"\u003e\u003ccode\u003e6b914bc\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10553\"\u003e#10553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/7ed93b8b8a6e9eb0da3e103d74087c692fee2773\"\u003e\u003ccode\u003e7ed93b8\u003c/code\u003e\u003c/a\u003e fix(langchain): allow dynamic tools in wrapModelCall with wrapToolCall (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10543\"\u003e#10543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/9270c48d7a95db6e7e2570a7e681c94479a673d0\"\u003e\u003ccode\u003e9270c48\u003c/code\u003e\u003c/a\u003e fix(openai): preserve reasoning_content in ChatOpenAICompletions (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10551\"\u003e#10551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/f54805305787fa383c3ce1e287daafdb5464a98b\"\u003e\u003ccode\u003ef548053\u003c/code\u003e\u003c/a\u003e fix(langchain): bump langgraph dep (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10555\"\u003e#10555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/11a295fdadec3809f40c10492e3fd474e832c468\"\u003e\u003ccode\u003e11a295f\u003c/code\u003e\u003c/a\u003e fix(langchain): add support for dynamic structured output (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10554\"\u003e#10554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e fix(langchain): accept cross-version runnable models in createAgent (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10552\"\u003e#10552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/cd86fea8de2130d0df60805baada81958d47c747\"\u003e\u003ccode\u003ecd86fea\u003c/code\u003e\u003c/a\u003e fix: implement tool choice required on anthropic (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10519\"\u003e#10519\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/b57760c55a721ed65a456bbad11172e35adee177\"\u003e\u003ccode\u003eb57760c\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10516\"\u003e#10516\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6e2d29e28a8f2a84f6fbbe5755d6b4fe2d5d4fd1\"\u003e\u003ccode\u003e6e2d29e\u003c/code\u003e\u003c/a\u003e tests(\u003ccode\u003e@​langchain/google\u003c/code\u003e): Lyria 3 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10522\"\u003e#10522\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/68e0a19238be592514b6c01243c41aefaa6a7668\"\u003e\u003ccode\u003e68e0a19\u003c/code\u003e\u003c/a\u003e fix(langchain): revert zod import in utils.ts to fix v3/v4 interop (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10545\"\u003e#10545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/@langchain/community@1.1.14...@langchain/community@1.1.27\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@langchain/core` from 1.1.24 to 1.1.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/langchain-ai/langchainjs/releases\"\u003e@​langchain/core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.41\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10733\"\u003e#10733\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589f29ce844eb252c2d5e6b0f8d26de37763a0d7\"\u003e\u003ccode\u003e589f29c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - fix(core): Update inheritance behavior for tracer metadata for special keys\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10711\"\u003e#10711\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2e9e6969e248a53ede0659a41d0ac8dbaf291ab4\"\u003e\u003ccode\u003e2e9e696\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - feat(core): Add chat model and llm invocation params to traced metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.40\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10694\"\u003e#10694\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/d3e080995bb267bf3797067ab53c96bc2a6c8e3f\"\u003e\u003ccode\u003ed3e0809\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - refactor(core): decouple tracer-only metadata defaults from runnable metadata\n\u003cul\u003e\n\u003cli\u003eAdd tracer-scoped inheritable metadata/tag options in callback manager while keeping backward-compatible aliases.\u003c/li\u003e\n\u003cli\u003eMove configurable-to-tracing metadata derivation into a tracer-only path and keep \u003ccode\u003eensureConfig\u003c/code\u003e metadata mirroring limited to \u003ccode\u003emodel\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003eLangChainTracer\u003c/code\u003e default metadata/tag handling and add regression tests for stream events metadata behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.39\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10430\"\u003e#10430\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/d3d0922c24afcd3006fb94dcadd3ebe08fbf2383\"\u003e\u003ccode\u003ed3d0922\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - feat(langchain): support for browser tools\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.38\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10552\"\u003e#10552\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589ab9be391a5d6c104f34877fc1b3e2a32fa449\"\u003e\u003ccode\u003e589ab9b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - fix(langchain): accept cross-version runnable models in createAgent\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.37\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10511\"\u003e#10511\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/6933769836fe3cec835588e5f8db9883200865f6\"\u003e\u003ccode\u003e6933769\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - cache Zod-to-JSON-Schema conversions in toJsonSchema()\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10541\"\u003e#10541\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/50d5f32fd30cabebf058b1c13255c1daadde6107\"\u003e\u003ccode\u003e50d5f32\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jacoblee93\"\u003e\u003ccode\u003e@​jacoblee93\u003c/code\u003e\u003c/a\u003e! - revert: Revert \u0026quot;feat(core): Add all chat model/llm invocation params to metadata\u0026quot;\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10509\"\u003e#10509\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/555299917c90322e25d7671bad2e20c9b104bad6\"\u003e\u003ccode\u003e5552999\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - feat(openai): add support for phase parameter on Responses API messages\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eExtract \u003ccode\u003ephase\u003c/code\u003e from message output items and surface it on text content blocks\u003c/li\u003e\n\u003cli\u003eSupport phase in streaming via \u003ccode\u003eresponse.output_item.added\u003c/code\u003e events\u003c/li\u003e\n\u003cli\u003eRound-trip phase through both raw provider and standard content paths\u003c/li\u003e\n\u003cli\u003eMove phase into \u003ccode\u003eextras\u003c/code\u003e dict in the core standard content translator\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10528\"\u003e#10528\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/8331833c93ba907063c9fe28e9f935ed5dfec11c\"\u003e\u003ccode\u003e8331833\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/christian-bromann\"\u003e\u003ccode\u003e@​christian-bromann\u003c/code\u003e\u003c/a\u003e! - fix(core): normalize single-block content in mergeContent\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.36\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/pull/10512\"\u003e#10512\u003c/a\u003e \u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/bbbfea185c0777ae06df2b24a1a84f941d499c2a\"\u003e\u003ccode\u003ebbbfea1\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/hntrl\"\u003e\u003ccode\u003e@​hntrl\u003c/code\u003e\u003c/a\u003e! - fix(core): fix streaming chunk merge for providers without \u003ccode\u003eindex\u003c/code\u003e on tool call deltas\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003e_mergeLists\u003c/code\u003e now falls back to \u003ccode\u003eid\u003c/code\u003e-based matching when items don't have an \u003ccode\u003eindex\u003c/code\u003e field. Previously, providers routing through the OpenAI-compatible API without \u003ccode\u003eindex\u003c/code\u003e on streaming tool call deltas (e.g. Anthropic models via \u003ccode\u003eChatOpenAI\u003c/code\u003e) would accumulate hundreds of individual raw deltas in \u003ccode\u003etool_call_chunks\u003c/code\u003e and \u003ccode\u003eadditional_kwargs.tool_calls\u003c/code\u003e instead of merging them into a single entry per tool call. In a real trace with 3 concurrent subagents, this caused a single AI message to balloon from ~4KB to 146KB -- with 826 uncollapsed streaming fragments carrying a few bytes each.\u003c/p\u003e\n\u003cp\u003eAlso fixes \u003ccode\u003eSystemMessage.concat()\u003c/code\u003e which used \u003ccode\u003e...this\u003c/code\u003e to spread all instance properties (including \u003ccode\u003elc_kwargs\u003c/code\u003e) into the new constructor, causing each chained \u003ccode\u003econcat()\u003c/code\u003e call to nest one level deeper. After 7 middleware \u003ccode\u003econcat()\u003c/code\u003e calls (typical in deepagents), a 7KB system prompt would serialize to 81KB due to content being duplicated at every nesting level.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ccode\u003e@​langchain/core\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.1.35\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/f6de26c8f8e010a8a27d9e0b47347ccd85ef0ca6\"\u003e\u003ccode\u003ef6de26c\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10725\"\u003e#10725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/345fd642fb47373cc82e22efc37cdc3da4683d52\"\u003e\u003ccode\u003e345fd64\u003c/code\u003e\u003c/a\u003e fix(deps): patch 7 critical/high Dependabot security alerts (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10734\"\u003e#10734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/589f29ce844eb252c2d5e6b0f8d26de37763a0d7\"\u003e\u003ccode\u003e589f29c\u003c/code\u003e\u003c/a\u003e fix(core): Update inheritance behavior for tracer metadata for special keys (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/ad153c185b6cf813d4b7695740d9a4453d2cb63f\"\u003e\u003ccode\u003ead153c1\u003c/code\u003e\u003c/a\u003e feat(anthropic): add opus 4.7 compatibility updates (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10726\"\u003e#10726\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/49ac9e7404e5a9269b9ac047711ee96dd928b231\"\u003e\u003ccode\u003e49ac9e7\u003c/code\u003e\u003c/a\u003e feat(langchain): Adds ls_agent_type to create agent runs as tracing metadata ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/2e9e6969e248a53ede0659a41d0ac8dbaf291ab4\"\u003e\u003ccode\u003e2e9e696\u003c/code\u003e\u003c/a\u003e feat(core): Add chat model and llm invocation params to traced metadata (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10711\"\u003e#10711\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/0bf9d7e066bce89400a96001f1962a8648753e01\"\u003e\u003ccode\u003e0bf9d7e\u003c/code\u003e\u003c/a\u003e chore(deps): bump langsmith from 0.5.18 to 0.5.19 (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10714\"\u003e#10714\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/0c799481f691e046a4533588fc96e190669fa16e\"\u003e\u003ccode\u003e0c79948\u003c/code\u003e\u003c/a\u003e chore: version packages (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10699\"\u003e#10699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/c955df43ec72bd9530781186378ad88cccaa1306\"\u003e\u003ccode\u003ec955df4\u003c/code\u003e\u003c/a\u003e chore(ci): use pnpm and peerDeps for pkg.pr.new previews (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10702\"\u003e#10702\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langchainjs/commit/301b086d697861b3255419f007ea676aa7a117d2\"\u003e\u003ccode\u003e301b086\u003c/code\u003e\u003c/a\u003e ci: add PR title lint workflow (\u003ca href=\"https://redirect.github.com/langchain-ai/langchainjs/issues/10703\"\u003e#10703\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/langchain-ai/langchainjs/compare/@langchain/core@1.1.24...@langchain/core@1.1.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fs-extra` from 11.3.3 to 11.3.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md\"\u003efs-extra's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e11.3.4 / 2026-03-03\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix bug where calling \u003ccode\u003eensureSymlink\u003c/code\u003e/\u003ccode\u003eensureSymlinkSync\u003c/code\u003e with a relative \u003ccode\u003esrcPath\u003c/code\u003e would fail if the symlink already existed (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1038\"\u003e#1038\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/pull/1064\"\u003e#1064\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/353a29b18c883fa0f3997fd8be90a89077633af4\"\u003e\u003ccode\u003e353a29b\u003c/code\u003e\u003c/a\u003e 11.3.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/3e65fbe81e565e2cd16a5f0ff1b3d8623610bb7a\"\u003e\u003ccode\u003e3e65fbe\u003c/code\u003e\u003c/a\u003e fix(ensureSymlink): resolve relative srcpath correctly when symlink exists (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jprichardson/node-fs-extra/commit/e2615e501e7b261b832170b3eb7e26c82668b215\"\u003e\u003ccode\u003ee2615e5\u003c/code\u003e\u003c/a\u003e Fix git URL in package.json (\u003ca href=\"https://redirect.github.com/jprichardson/node-fs-extra/issues/1062\"\u003e#1062\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/jprichardson/node-fs-extra/compare/11.3.3...11.3.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `inquirer` from 13.2.2 to 13.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/releases\"\u003einquirer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003einquirer@13.4.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix: some Windows terminals would freeze and not react to keypresses.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImprove \u003ccode\u003eexpand\u003c/code\u003e prompt type inferrence.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.4.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFeat: Added a loading message while validating editor prompt input.\u003c/li\u003e\n\u003cli\u003eType improvement: Better type inference with checkbox, search and expand prompts.\u003c/li\u003e\n\u003cli\u003eFix: \u003ccode\u003eeditor\u003c/code\u003e prompt not always properly handling editor path on windows.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.3.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix broken 1.3.1 release process.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003einquirer@13.2.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/input\u003c/code\u003e): handle numeric default values by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1978\"\u003eSBoudrias/Inquirer.js#1978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the linting group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1982\"\u003eSBoudrias/Inquirer.js#1982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1983\"\u003eSBoudrias/Inquirer.js#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1984\"\u003eSBoudrias/Inquirer.js#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1985\"\u003eSBoudrias/Inquirer.js#1985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor(\u003ccode\u003e@​inquirer/core\u003c/code\u003e): replace wrap-ansi with fast-wrap-ansi by \u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1981\"\u003eSBoudrias/Inquirer.js#1981\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump semver from 7.7.3 to 7.7.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1992\"\u003eSBoudrias/Inquirer.js#1992\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the build group with 3 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1990\"\u003eSBoudrias/Inquirer.js#1990\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1991\"\u003eSBoudrias/Inquirer.js#1991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.27.0 to 0.28.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1989\"\u003eSBoudrias/Inquirer.js#1989\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): add E2E testing support for CLI applications by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1980\"\u003eSBoudrias/Inquirer.js#1980\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): auto-mock \u003ccode\u003e@​inquirer/prompts\u003c/code\u003e barrel re-exports by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1994\"\u003eSBoudrias/Inquirer.js#1994\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: auto-merge dependabot PRs for patch and minor updates by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1995\"\u003eSBoudrias/Inquirer.js#1995\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): prevent artificial line wrapping in test output by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1996\"\u003eSBoudrias/Inquirer.js#1996\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): declare @inquirer/* packages as optional peerDependencies by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1997\"\u003eSBoudrias/Inquirer.js#1997\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.28.0 to 0.32.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1999\"\u003eSBoudrias/Inquirer.js#1999\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.8.3 to 2.8.9 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2000\"\u003eSBoudrias/Inquirer.js#2000\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2001\"\u003eSBoudrias/Inquirer.js#2001\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump vitest from 3.2.4 to 4.0.18 in the testing group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1998\"\u003eSBoudrias/Inquirer.js#1998\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump \u003ccode\u003e@​xterm/headless\u003c/code\u003e from 5.5.0 to 6.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2002\"\u003eSBoudrias/Inquirer.js#2002\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/testing\u003c/code\u003e): handle SWC-style module namespace objects in wrapPrompt by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/2004\"\u003eSBoudrias/Inquirer.js#2004\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/njg7194\"\u003e\u003ccode\u003e@​njg7194\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1981\"\u003eSBoudrias/Inquirer.js#1981\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.2.5\"\u003ehttps://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.2.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003einquirer@13.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(\u003ccode\u003e@​inquirer/input\u003c/code\u003e): handle numeric default values by \u003ca href=\"https://github.com/SBoudrias\"\u003e\u003ccode\u003e@​SBoudrias\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1978\"\u003eSBoudrias/Inquirer.js#1978\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump the linting group with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1982\"\u003eSBoudrias/Inquirer.js#1982\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump oxfmt from 0.26.0 to 0.27.0 in the formatting group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1983\"\u003eSBoudrias/Inquirer.js#1983\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps-dev): Bump turbo from 2.7.6 to 2.8.1 in the build group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1984\"\u003eSBoudrias/Inquirer.js#1984\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): Bump the types group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/pull/1985\"\u003eSBoudrias/Inquirer.js#1985\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/35bda2afd31b4acca8f800259b9f7ca4e95a1d9d\"\u003e\u003ccode\u003e35bda2a\u003c/code\u003e\u003c/a\u003e chore: Publish new release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/98eee295e15283675e6264bbbcef4e09bb96e17e\"\u003e\u003ccode\u003e98eee29\u003c/code\u003e\u003c/a\u003e fix(lint): suppress no-unnecessary-type-parameters on parseJSON helper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/aba596504234db6c516ff1a145dbf3b58e7d490c\"\u003e\u003ccode\u003eaba5965\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump \u003ccode\u003e@​types/node\u003c/code\u003e in the types group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2088\"\u003e#2088\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/db8fbf1bd466aa93429528674ee0e155fef405be\"\u003e\u003ccode\u003edb8fbf1\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump turbo from 2.9.5 to 2.9.6 in the build group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2087\"\u003e#2087\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/3cdecf52aca9fde0b31fb66dbc55237a9f315e79\"\u003e\u003ccode\u003e3cdecf5\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump oxfmt in the formatting group (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2086\"\u003e#2086\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e370b57fd16ec01e07601684b6e635437ccc9481\"\u003e\u003ccode\u003ee370b57\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the linting group with 5 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2085\"\u003e#2085\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/27872678c1b9951e70ed40b92a6321145a028c1d\"\u003e\u003ccode\u003e2787267\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the testing group with 3 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2084\"\u003e#2084\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/0c554996d480b1fc458181998f056f8d1af3197a\"\u003e\u003ccode\u003e0c55499\u003c/code\u003e\u003c/a\u003e chore(deps-dev): Bump the formatting group with 2 updates (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2081\"\u003e#2081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e7115d913a6678d38a8ec0f1b3b5a09b53e14918\"\u003e\u003ccode\u003ee7115d9\u003c/code\u003e\u003c/a\u003e fix(\u003ccode\u003e@​inquirer/core\u003c/code\u003e): mute output after readline initialization (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2077\"\u003e#2077\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/SBoudrias/Inquirer.js/commit/e5e14ab557dd77d9b074f574bf839acbab7b3524\"\u003e\u003ccode\u003ee5e14ab\u003c/code\u003e\u003c/a\u003e chore(deps): Bump dependabot/fetch-metadata from 2 to 3 (\u003ca href=\"https://redirect.github.com/SBoudrias/Inquirer.js/issues/2078\"\u003e#2078\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/SBoudrias/Inquirer.js/compare/inquirer@13.2.2...inquirer@13.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mammoth` from 1.11.0 to 1.12.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mwilliamson/mammoth.js/blob/master/NEWS\"\u003emammoth's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.12.0\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eHandle hyperlinked wp:anchor and wp:inline elements.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle hyperlink complex fields with unquoted hrefs.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/380a4a8279a22201d0a3f729cc4f3587f104877d\"\u003e\u003ccode\u003e380a4a8\u003c/code\u003e\u003c/a\u003e Bump version to 1.12.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/0830b29be54e02460654cd60116472cb9e065472\"\u003e\u003ccode\u003e0830b29\u003c/code\u003e\u003c/a\u003e Clarify variable name\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/8e6c5c7a3387b43b5d10f81357f7a1e1d87f451b\"\u003e\u003ccode\u003e8e6c5c7\u003c/code\u003e\u003c/a\u003e Clarify test names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/04ac1b979cb0539bd70445e3c4ed82572309ffe0\"\u003e\u003ccode\u003e04ac1b9\u003c/code\u003e\u003c/a\u003e Simplify HYPERLINK field handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/6cfbe0b8952b809bb1a3564041c8155405336167\"\u003e\u003ccode\u003e6cfbe0b\u003c/code\u003e\u003c/a\u003e Handle hyperlink complex fields with unquoted hrefs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mwilliamson/mammoth.js/commit/5b8d20f1cdca33a08cd0cb72af5b13c22653cea3\"\u003e\u003ccode\u003e5b8d20f\u003c/code\u003e\u003c/a\u003e Handle hyperlinked wp:anchor and wp:inline elements\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/mwilliamson/mammoth.js/compare/1.11.0...1.12.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `playwright` from 1.58.2 to 1.59.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/playwright/releases\"\u003eplaywright's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.59.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e[Windows]\u003c/strong\u003e Reverted hiding console window when spawning browser processes, which caused regressions including broken \u003ccode\u003ecodegen\u003c/code\u003e, \u003ccode\u003e--ui\u003c/code\u003e and \u003ccode\u003eshow\u003c/code\u003e commands (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39990\"\u003e#39990\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.59.0\u003c/h2\u003e\n\u003ch2\u003e🎬 Screencast\u003c/h2\u003e\n\u003cp\u003eNew \u003ca href=\"https://playwright.dev/docs/api/class-page#page-screencast\"\u003epage.screencast\u003c/a\u003e API provides a unified interface for capturing page content with:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eScreencast recordings\u003c/li\u003e\n\u003cli\u003eAction annotations\u003c/li\u003e\n\u003cli\u003eVisual overlays\u003c/li\u003e\n\u003cli\u003eReal-time frame capture\u003c/li\u003e\n\u003cli\u003eAgentic video receipts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003e\u003cstrong\u003eScreencast recording\u003c/strong\u003e — record video with precise start/stop control, as an alternative to the \u003ca href=\"https://playwright.dev/docs/api/class-browser#browser-new-context-option-record-video\"\u003e\u003ccode\u003erecordVideo\u003c/code\u003e\u003c/a\u003e option:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eawait page.screencast.start({ path: 'video.webm' });\r\n// ... perform actions ...\r\nawait page.screencast.stop();\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003cstrong\u003eAction annotations\u003c/strong\u003e — enable built-in visual annotations that highlight interacted elements and display action titles during recording:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eawait page.screencast.showActions({ position: 'top-right' });\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e\u003ca href=\"https://playwright.dev/docs/api/class-screencast#screencast-show-actions\"\u003escreencast.showActions()\u003c/a\u003e accepts \u003ccode\u003eposition\u003c/code\u003e (\u003ccode\u003e'top-left'\u003c/code\u003e, \u003ccode\u003e'top'\u003c/code\u003e, \u003ccode\u003e'top-right'\u003c/code\u003e, \u003ccode\u003e'bottom-left'\u003c/code\u003e, \u003ccode\u003e'bottom'\u003c/code\u003e, \u003ccode\u003e'bottom-right'\u003c/code\u003e), \u003ccode\u003eduration\u003c/code\u003e (ms per annotation), and \u003ccode\u003efontSize\u003c/code\u003e (px). Returns a disposable to stop showing actions.\u003c/p\u003e\n\u003cp\u003eAction annotations can also be enabled in test fixtures via the \u003ccode\u003evideo\u003c/code\u003e option:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// playwright.config.ts\r\nexport default defineConfig({\r\n  use: {\r\n    video: {\r\n      mode: 'on',\r\n      show: {\r\n        actions: { position: 'top-left' },\r\n        test: { position: 'top-right' },\r\n      },\r\n\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/d466ac5358cae058cdc75d2ae3ab3ad220042730\"\u003e\u003ccode\u003ed466ac5\u003c/code\u003e\u003c/a\u003e chore: mark v1.59.1 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/40005\"\u003e#40005\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/530e7e5f0021730948605a5788790d353d9cf444\"\u003e\u003ccode\u003e530e7e5\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/4004\"\u003e#4004\u003c/a\u003e): fix(cli): kill-all should kill dashboard\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/9aa216c8d7f866e8a8fa94ca55d86e81a8f4decb\"\u003e\u003ccode\u003e9aa216c\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39994\"\u003e#39994\u003c/a\u003e): Revert \u0026quot;fix(windows): hide console window when spawning ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/01b2b1533e0bfa1c582117e3ec109fcb57657747\"\u003e\u003ccode\u003e01b2b15\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39980\"\u003e#39980\u003c/a\u003e): chore: more release notes fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/a5cb6c9a2f52078de075413beb812e3180d195ba\"\u003e\u003ccode\u003ea5cb6c9\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39972\"\u003e#39972\u003c/a\u003e): chore: expose browser.bind and browser.unbind APIs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/99a17b58541798b03257c57a9e5589db2394f89e\"\u003e\u003ccode\u003e99a17b5\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39975\"\u003e#39975\u003c/a\u003e): chore: support opening .trace files via .link indirection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/43607c3b71d89445a6473708429eeecd6f571d6e\"\u003e\u003ccode\u003e43607c3\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39974\"\u003e#39974\u003c/a\u003e): chore(webkit): update Safari user-agent version to 26.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/62cabe19eb07e329086e5cb20441737cf51367d0\"\u003e\u003ccode\u003e62cabe1\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39969\"\u003e#39969\u003c/a\u003e): chore(npm): include all *.md from lib (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39970\"\u003e#39970\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/0c65a759af337ba5143ebbe34afe4141482ce2d4\"\u003e\u003ccode\u003e0c65a75\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39968\"\u003e#39968\u003c/a\u003e): chore: screencast.showActions api\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/f04155b09034c21719162146d6016de9933a2dbe\"\u003e\u003ccode\u003ef04155b\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/39958\"\u003e#39958\u003c/a\u003e): chore: release notes for langs v1.59\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/playwright/compare/v1.58.2...v1.59.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/cli` from 20.4.2 to 20.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/cli's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCore \u0026amp; co\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: deps and CI improvements by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4660\"\u003econventional-changelog/commitlint#4660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore push on all branches, avoid duplicate runs by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4665\"\u003econventional-changelog/commitlint#4665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(resolve-extends): always resolve extended parser presets for proper merging by \u003ca href=\"https://github.com/omar-y-abdi\"\u003e\u003ccode\u003e@​omar-y-abdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4647\"\u003econventional-changelog/commitlint#4647\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md\"\u003e@​commitlint/cli's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/cli\u003c/code\u003e\u003c/p\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecli:\u003c/strong\u003e validate that --cwd directory exists before execution (\u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4658\"\u003e#4658\u003c/a\u003e) (\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/cf80f75745593f4f018cac301a91f23316c974fd\"\u003ecf80f75\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4595\"\u003e#4595\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.3...v20.4.4\"\u003e20.4.4\u003c/a\u003e (2026-03-12)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/cli\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.2...v20.4.3\"\u003e20.4.3\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efooter parser does not escape special chars for regex \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4560\"\u003e#4560\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/issues/4634\"\u003e#4634\u003c/a\u003e) (\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/8ff7c7fcbc2db2b45910ecb5c01e9f1763060770\"\u003e8ff7c7f\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7918e9cf70f822505cb4422c03150a86f802627\"\u003e\u003ccode\u003ea7918e9\u003c/code\u003e\u003c/a\u003e v20.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/cf80f75745593f4f018cac301a91f23316c974fd\"\u003e\u003ccode\u003ecf80f75\u003c/code\u003e\u003c/a\u003e fix(cli): validate that --cwd directory exists before execution (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4658\"\u003e#4658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/02d7245e9b204ed07a68298e4d73c8d82a4b7f81\"\u003e\u003ccode\u003e02d7245\u003c/code\u003e\u003c/a\u003e v20.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7469817974796a6e89f55911bb66b7bffa44099\"\u003e\u003ccode\u003ea746981\u003c/code\u003e\u003c/a\u003e v20.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/18bd371428771ecc98a7b2f00194bfcbfb4ba809\"\u003e\u003ccode\u003e18bd371\u003c/code\u003e\u003c/a\u003e chore: deps (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4635\"\u003e#4635\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/8ff7c7fcbc2db2b45910ecb5c01e9f1763060770\"\u003e\u003ccode\u003e8ff7c7f\u003c/code\u003e\u003c/a\u003e fix: footer parser does not escape special chars for regex \u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4560\"\u003e#4560\u003c/a\u003e (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli/issues/4634\"\u003e#4634\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.2/@commitlint/cli\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/prompt` from 20.4.0 to 20.5.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/prompt's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/prompt/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCore \u0026amp; co\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: deps and CI improvements by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4660\"\u003econventional-changelog/commitlint#4660\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: restore push on all branches, avoid duplicate runs by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4665\"\u003econventional-changelog/commitlint#4665\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.0\u003c/h2\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(resolve-extends): always resolve extended parser presets for proper merging by \u003ca href=\"https://github.com/omar-y-abdi\"\u003e\u003ccode\u003e@​omar-y-abdi\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4647\"\u003econventional-changelog/commitlint#4647\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/prompt/CHANGELOG.md\"\u003e@​commitlint/prompt's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch1\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.4...v20.5.0\"\u003e20.5.0\u003c/a\u003e (2026-03-15)\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.3...v20.4.4\"\u003e20.4.4\u003c/a\u003e (2026-03-12)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.2...v20.4.3\"\u003e20.4.3\u003c/a\u003e (2026-03-03)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.1...v20.4.2\"\u003e20.4.2\u003c/a\u003e (2026-02-19)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.4.0...v20.4.1\"\u003e20.4.1\u003c/a\u003e (2026-02-02)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/prompt\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7918e9cf70f822505cb4422c03150a86f802627\"\u003e\u003ccode\u003ea7918e9\u003c/code\u003e\u003c/a\u003e v20.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/02d7245e9b204ed07a68298e4d73c8d82a4b7f81\"\u003e\u003ccode\u003e02d7245\u003c/code\u003e\u003c/a\u003e v20.4.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/a7469817974796a6e89f55911bb66b7bffa44099\"\u003e\u003ccode\u003ea746981\u003c/code\u003e\u003c/a\u003e v20.4.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/81cfc9e5e9d452b68b5809e57196ca0c03fd7b85\"\u003e\u003ccode\u003e81cfc9e\u003c/code\u003e\u003c/a\u003e v20.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/e7ae28d1f71299cedcafe3360f376c93800b283a\"\u003e\u003ccode\u003ee7ae28d\u003c/code\u003e\u003c/a\u003e v20.4.1\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.2/@commitlint/prompt\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e@​actions/core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e@​actions/http-client's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/load` from 20.5.0 to 20.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/load's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003e20.5.3\u003c/a\u003e (2026-04-30)\u003c/h2\u003e\n\u003ch2\u003eRefactor\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erefactor: replace all lodash.* dependencies with es-toolkit/compat by \u003ca href=\"https://github.com/debuggingfuture\"\u003e\u003ccode\u003e@​debuggingfuture\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4734\"\u003econventional-changelog/commitlint#4734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: use nodejs commands for creating files on Windows (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4728\"\u003e#4728\u003c/a\u003e) by \u003ca href=\"https://github.com/festoney8\"\u003e\u003ccode\u003e@​festoney8\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4730\"\u003econventional-changelog/commitlint#4730\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/festoney8\"\u003e\u003ccode\u003e@​festoney8\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4730\"\u003econventional-changelog/commitlint#4730\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/debuggingfuture\"\u003e\u003ccode\u003e@​debuggingfuture\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4734\"\u003econventional-changelog/commitlint#4734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003eJust minor dep updates before the next breaking change\u003c/p\u003e\n\u003ch2\u003eChore \u0026amp; Docs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove codesandbox ci integration by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4680\"\u003econventional-changelog/commitlint#4680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: add Windows UTF-8 encoding note to getting started guide by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: improve parserPreset documentation with examples and options reference by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4700\"\u003econventional-changelog/commitlint#4700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: fix subject-case rule default from 'always' to 'never' by \u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4703\"\u003econventional-changelog/commitlint#4703\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Chessing234\"\u003e\u003ccode\u003e@​Chessing234\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4699\"\u003econventional-changelog/commitlint#4699\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003ehttps://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev20.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.0...v20.5.1\"\u003e20.5.1\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix(cz-commitlint): add VS16 to single character emojis by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4666\"\u003econventional-changelog/commitlint#4666\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cz-commitlint): handle modifiers correctly by \u003ca href=\"https://github.com/mrt181\"\u003e\u003ccode\u003e@​mrt181\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4667\"\u003econventional-changelog/commitlint#4667\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eReverts\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;fix: update dependency global-directory to v5 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4671\"\u003e#4671\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/escapedcat\"\u003e\u003ccode\u003e@​escapedcat\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/conventional-changelog/commitlint/pull/4677\"\u003econventional-changelog/commitlint#4677\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/load/CHANGELOG.md\"\u003e@​commitlint/load's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.2...v20.5.3\"\u003e20.5.3\u003c/a\u003e (2026-04-30)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/load\u003c/code\u003e\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/compare/v20.5.1...v20.5.2\"\u003e20.5.2\u003c/a\u003e (2026-04-25)\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e Version bump only for package \u003ccode\u003e@​commitlint/load\u003c/code\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/31e959a3d17d4403f1142f825c43cccf2e0f7dc4\"\u003e\u003ccode\u003e31e959a\u003c/code\u003e\u003c/a\u003e v20.5.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/e3d2c9dfe74b7d9be87019a28920c44818dd364d\"\u003e\u003ccode\u003ee3d2c9d\u003c/code\u003e\u003c/a\u003e refactor: replace all lodash.* dependencies with es-toolkit/compat (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4734\"\u003e#4734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/7fe86b28f0779cce8d8459bdcc83c849936a1b80\"\u003e\u003ccode\u003e7fe86b2\u003c/code\u003e\u003c/a\u003e v20.5.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/conventional-changelog/commitlint/commit/029aceda8e7876f2020c5e636c361517bd025d61\"\u003e\u003ccode\u003e029aced\u003c/code\u003e\u003c/a\u003e chore: update dependency typescript to v6 (\u003ca href=\"https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/load/issues/4697\"\u003e#4697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/conventional-changelog/commitlint/commits/v20.5.3/@commitlint/load\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@commitlint/resolve-extends` from 20.5.0 to 20.5.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/conventional-changelog/commitlint/releases\"\u003e@​commitlint/resolve-extends's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev20.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"...\n\n_Description has been truncated_","html_url":"https://github.com/Cognigy/Cognigy-CLI/pull/493","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cognigy%2FCognigy-CLI/issues/493","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/493/packages"}},{"old_version":"3.0.2","new_version":"4.0.1","update_type":"major","path":null,"pr_created_at":"2026-04-27T23:32:02.000Z","version_change":"3.0.2 → 4.0.1","issue":{"uuid":"4339481916","node_id":"PR_kwDOJaX2Zs7WJWgb","number":402,"state":"closed","title":"Bump @actions/http-client from 3.0.2 to 4.0.1","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-06-12T23:04:26.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T23:32:02.000Z","updated_at":"2026-06-12T23:04:28.000Z","time_to_close":3972744,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"3.0.2","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 3.0.2 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=3.0.2\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nYou can trigger a rebase of this PR by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003e **Note**\n\u003e Automatic rebases have been disabled on this pull request as it has been open for over 30 days.","html_url":"https://github.com/rubygems/configure-rubygems-credentials/pull/402","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rubygems%2Fconfigure-rubygems-credentials/issues/402","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/402/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-04-23T23:05:23.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4319383228","node_id":"PR_kwDOLFLYxM7VJnzs","number":950,"state":"closed","title":"Bump the npm-dependencies group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-07T23:05:41.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-23T23:05:23.000Z","updated_at":"2026-05-07T23:05:43.000Z","time_to_close":1209618,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm-dependencies","update_count":9,"packages":[{"name":"@actions/core","old_version":"3.0.0","new_version":"3.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/github","old_version":"9.0.0","new_version":"9.1.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/glob","old_version":"0.6.1","new_version":"0.7.0","repository_url":"https://github.com/actions/toolkit"},{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"},{"name":"@types/node","old_version":"25.5.0","new_version":"25.6.0","repository_url":"https://github.com/DefinitelyTyped/DefinitelyTyped"},{"name":"@typescript-eslint/eslint-plugin","old_version":"8.58.0","new_version":"8.59.0","repository_url":"https://github.com/typescript-eslint/typescript-eslint"},{"name":"eslint","old_version":"10.1.0","new_version":"10.2.1","repository_url":"https://github.com/eslint/eslint"},{"name":"globals","old_version":"17.4.0","new_version":"17.5.0","repository_url":"https://github.com/sindresorhus/globals"},{"name":"prettier","old_version":"3.8.1","new_version":"3.8.3","repository_url":"https://github.com/prettier/prettier"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm-dependencies group with 9 updates in the /sources directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) | `3.0.0` | `3.0.1` |\n| [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) | `9.0.0` | `9.1.1` |\n| [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) | `0.6.1` | `0.7.0` |\n| [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) | `4.0.0` | `4.0.1` |\n| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.5.0` | `25.6.0` |\n| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.58.0` | `8.59.0` |\n| [eslint](https://github.com/eslint/eslint) | `10.1.0` | `10.2.1` |\n| [globals](https://github.com/sindresorhus/globals) | `17.4.0` | `17.5.0` |\n| [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` |\n\n\nUpdates `@actions/core` from 3.0.0 to 3.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md\"\u003e\u003ccode\u003e@​actions/core\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2348\"\u003e#2348\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/github` from 9.0.0 to 9.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md\"\u003e\u003ccode\u003e@​actions/github\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e9.1.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2346\"\u003e#2346\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e9.1.0\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAppend \u003ccode\u003eactions_orchestration_id\u003c/code\u003e to user-agent when the \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is set \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2364\"\u003e#2364\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/github\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/glob` from 0.6.1 to 0.7.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md\"\u003e\u003ccode\u003e@​actions/glob\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e from \u003ccode\u003e^3.0.4\u003c/code\u003e to \u003ccode\u003e^10.2.5\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2355\"\u003e#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2345\"\u003e#2345\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003ebrace-expansion\u003c/code\u003e in \u003ccode\u003e/packages/glob\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2369\"\u003e#2369\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/glob\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 4.0.0 to 4.0.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@types/node` from 25.5.0 to 25.6.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@typescript-eslint/eslint-plugin` from 8.58.0 to 8.59.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases\"\u003e\u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.59.0\u003c/h2\u003e\n\u003ch2\u003e8.59.0 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-type-assertion] report more cases based on assignability (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11789\"\u003e#11789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUlrich Stark\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.0\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003ev8.58.2\u003c/h2\u003e\n\u003ch2\u003e8.58.2 (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eremove tsbuildinfo cache file from published packages (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-condition] use assignability checks in checkTypePredicates (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12147\"\u003e#12147\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAbhijeet Singh \u003ca href=\"https://github.com/cseas\"\u003e\u003ccode\u003e@​cseas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e송재욱\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.2\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003ev8.58.1\u003c/h2\u003e\n\u003ch2\u003e8.58.1 (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unused-vars] fix false negative for type predicate parameter (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12004\"\u003e#12004\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinJae \u003ca href=\"https://github.com/Ju-MINJAE\"\u003e\u003ccode\u003e@​Ju-MINJAE\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md\"\u003e\u003ccode\u003e@​typescript-eslint/eslint-plugin\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.59.0 (2026-04-20)\u003c/h2\u003e\n\u003ch3\u003e🚀 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-type-assertion] report more cases based on assignability (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11789\"\u003e#11789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUlrich Stark\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.0\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003e8.58.2 (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unnecessary-condition] use assignability checks in checkTypePredicates (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12147\"\u003e#12147\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove tsbuildinfo cache file from published packages (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAbhijeet Singh \u003ca href=\"https://github.com/cseas\"\u003e\u003ccode\u003e@​cseas\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e송재욱\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.2\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003ch2\u003e8.58.1 (2026-04-08)\u003c/h2\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eeslint-plugin:\u003c/strong\u003e [no-unused-vars] fix false negative for type predicate parameter (\u003ca href=\"https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12004\"\u003e#12004\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Thank You\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMinJae \u003ca href=\"https://github.com/Ju-MINJAE\"\u003e\u003ccode\u003e@​Ju-MINJAE\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.1\"\u003eGitHub Releases\u003c/a\u003e for more information.\u003c/p\u003e\n\u003cp\u003eYou can read about our \u003ca href=\"https://typescript-eslint.io/users/versioning\"\u003eversioning strategy\u003c/a\u003e and \u003ca href=\"https://typescript-eslint.io/users/releases\"\u003ereleases\u003c/a\u003e on our website.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/ea9ae4f8817873480e3501145059f63e39e8d8a1\"\u003e\u003ccode\u003eea9ae4f\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/cfca5506346503830ce348aabe8e82fe28a8e687\"\u003e\u003ccode\u003ecfca550\u003c/code\u003e\u003c/a\u003e feat(eslint-plugin): [no-unnecessary-type-assertion] report more cases based ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/6d599b4769e22ed634236980d7da1e23e3f073a6\"\u003e\u003ccode\u003e6d599b4\u003c/code\u003e\u003c/a\u003e chore(eslint-plugin): switch auto-generated test cases to hand-written in ret...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/33c81691ec8f240209d8662dd2ca72602731e5b0\"\u003e\u003ccode\u003e33c8169\u003c/code\u003e\u003c/a\u003e chore: fix cspell violations in code blocks (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12167\"\u003e#12167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/90c2803a4c250e0343598d41e973f95e743bf4ce\"\u003e\u003ccode\u003e90c2803\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.58.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/7c9e06f669065bfb24b66c1f2bfb05ae2b512c09\"\u003e\u003ccode\u003e7c9e06f\u003c/code\u003e\u003c/a\u003e fix(eslint-plugin): [no-unnecessary-condition] use assignability checks in ch...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/dae173267fe3a549417de802be00af1aeae25059\"\u003e\u003ccode\u003edae1732\u003c/code\u003e\u003c/a\u003e chore(eslint-plugin): switch auto-generated test cases to hand-written in unb...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/be6b49a02d68db9bdc8985e7e9e1598700fda2fa\"\u003e\u003ccode\u003ebe6b49a\u003c/code\u003e\u003c/a\u003e fix: remove tsbuildinfo cache file from published packages (\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin/issues/12187\"\u003e#12187\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/5311ed312eadf4e238324f2726ae0b1f3f2206e6\"\u003e\u003ccode\u003e5311ed3\u003c/code\u003e\u003c/a\u003e chore(release): publish 8.58.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commit/c3f8ed5ddfa757d91911489105bf8b57a16404c9\"\u003e\u003ccode\u003ec3f8ed5\u003c/code\u003e\u003c/a\u003e fix(eslint-plugin): [no-unused-vars] fix false negative for type predicate pa...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.0/packages/eslint-plugin\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `eslint` from 10.1.0 to 10.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eslint/eslint/releases\"\u003eeslint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev10.2.1\u003c/h2\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14be92b6d1fa0923b8923830f2208e5e2705b002\"\u003e\u003ccode\u003e14be92b\u003c/code\u003e\u003c/a\u003e fix: model generator yield resumption paths in code path analysis (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20665\"\u003e#20665\u003c/a\u003e) (sethamus)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/84a19d2c32255db6b9cfc08644a607aae6d5cb62\"\u003e\u003ccode\u003e84a19d2\u003c/code\u003e\u003c/a\u003e fix: no-async-promise-executor false positives for shadowed Promise (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20740\"\u003e#20740\u003c/a\u003e) (xbinaryx)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/af764af0ec38225755fbf8a6f207f0c77b595a8d\"\u003e\u003ccode\u003eaf764af\u003c/code\u003e\u003c/a\u003e fix: clarify language and processor validation errors (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20729\"\u003e#20729\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e251b89a38280973e468a4a9386c138f4f55d10d\"\u003e\u003ccode\u003ee251b89\u003c/code\u003e\u003c/a\u003e fix: update eslint (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20715\"\u003e#20715\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e) (Ayush Shukla)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/39771e6e600f0b0617fdeafff6dd07e4211ffde6\"\u003e\u003ccode\u003e39771e6\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/71e04693def2df57268f08f3072a2749df6bf438\"\u003e\u003ccode\u003e71e0469\u003c/code\u003e\u003c/a\u003e docs: fix incomplete JSDoc param description in no-shadow rule (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20728\"\u003e#20728\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/22119ceb93e28f62262fc1d98ff1b1442d6e2dbf\"\u003e\u003ccode\u003e22119ce\u003c/code\u003e\u003c/a\u003e docs: clarify scope of for-direction rule with dead code examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20723\"\u003e#20723\u003c/a\u003e) (Amaresh  S M)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8f3fb77f122a5641d1833cad5d93f3f54fa3be0b\"\u003e\u003ccode\u003e8f3fb77\u003c/code\u003e\u003c/a\u003e docs: document \u003ccode\u003emeta.docs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20718\"\u003e#20718\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e) (dependabot[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/51080eb5c98d619434e4835dbe9f1c6654aca3b8\"\u003e\u003ccode\u003e51080eb\u003c/code\u003e\u003c/a\u003e test: processor service (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20731\"\u003e#20731\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/e7e1889fca9b6044e08f41b38df20a1ce45808c8\"\u003e\u003ccode\u003ee7e1889\u003c/code\u003e\u003c/a\u003e chore: remove stale babel-eslint10 fixture and test  (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20727\"\u003e#20727\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4e1a87cb8fb90e309524bc36bc5f31b9f9cfaa76\"\u003e\u003ccode\u003e4e1a87c\u003c/code\u003e\u003c/a\u003e test: remove redundant async/await in flat config array tests (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20722\"\u003e#20722\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/066eabb3643b12931f991594969bcc0028f71a5f\"\u003e\u003ccode\u003e066eabb\u003c/code\u003e\u003c/a\u003e test: add rule metadata coverage for \u003ccode\u003elanguages\u003c/code\u003e and \u003ccode\u003edocs.dialects\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20717\"\u003e#20717\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev10.2.0\u003c/h2\u003e\n\u003ch2\u003eFeatures\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/586ec2f43092779acc957866db4abe999112d1e1\"\u003e\u003ccode\u003e586ec2f\u003c/code\u003e\u003c/a\u003e feat: Add \u003ccode\u003emeta.languages\u003c/code\u003e support to rules (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20571\"\u003e#20571\u003c/a\u003e) (Copilot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/14207dee3939dc87cfa8b2fcfc271fff2cfd6471\"\u003e\u003ccode\u003e14207de\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eTemporal\u003c/code\u003e to \u003ccode\u003eno-obj-calls\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20675\"\u003e#20675\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/bbb2c93a2b31bd30924f32fe69a9acf41f9dfe35\"\u003e\u003ccode\u003ebbb2c93\u003c/code\u003e\u003c/a\u003e feat: add Temporal to ES2026 globals (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20672\"\u003e#20672\u003c/a\u003e) (Pixel998)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/542cb3e6442a4e6ee3457c799e2a0ee23bef0c6a\"\u003e\u003ccode\u003e542cb3e\u003c/code\u003e\u003c/a\u003e fix: update first-party dependencies (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20714\"\u003e#20714\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDocumentation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/a2af743ea60f683d0e0de9d98267c1e7e4f5e412\"\u003e\u003ccode\u003ea2af743\u003c/code\u003e\u003c/a\u003e docs: add \u003ccode\u003elanguage\u003c/code\u003e to configuration objects (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20712\"\u003e#20712\u003c/a\u003e) (Francesco Trotta)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/845f23f1370892bf07d819497ac518c9e65090d6\"\u003e\u003ccode\u003e845f23f\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/5fbcf5958b897cc4df5d652924d18428db37f7ee\"\u003e\u003ccode\u003e5fbcf59\u003c/code\u003e\u003c/a\u003e docs: remove \u003ccode\u003esourceType\u003c/code\u003e from ts playground link (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20477\"\u003e#20477\u003c/a\u003e) (Tanuj Kanti)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8702a474659be786b6b1392e5e7c0c56355ae4a4\"\u003e\u003ccode\u003e8702a47\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ddeaded2ab36951383ff67c60fb64ec68d29a46a\"\u003e\u003ccode\u003eddeaded\u003c/code\u003e\u003c/a\u003e docs: Update README (GitHub Actions Bot)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/2b4496691266547784a7f7ad1989ce53381bab91\"\u003e\u003ccode\u003e2b44966\u003c/code\u003e\u003c/a\u003e docs: add Major Releases section to Manage Releases (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20269\"\u003e#20269\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/eab65c700ebb16a6e790910c720450c9908961fd\"\u003e\u003ccode\u003eeab65c7\u003c/code\u003e\u003c/a\u003e docs: update \u003ccode\u003eeslint\u003c/code\u003e versions in examples (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20664\"\u003e#20664\u003c/a\u003e) (루밀LuMir)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3e4a29903bf31f0998e45ad9128a265bce1edc56\"\u003e\u003ccode\u003e3e4a299\u003c/code\u003e\u003c/a\u003e docs: update ESM Dependencies policies with note for own-usage packages (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20660\"\u003e#20660\u003c/a\u003e) (Milos Djermanovic)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/8120e30f833474f47acc061d24d164e9f022264f\"\u003e\u003ccode\u003e8120e30\u003c/code\u003e\u003c/a\u003e refactor: extract no unmodified loop condition (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20679\"\u003e#20679\u003c/a\u003e) (kuldeep kumar)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/46e8469786be1b2bbb522100e1d44624d98d3745\"\u003e\u003ccode\u003e46e8469\u003c/code\u003e\u003c/a\u003e chore: update dependency markdownlint-cli2 to ^0.22.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20697\"\u003e#20697\u003c/a\u003e) (renovate[bot])\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/01ed3aa68477f81a7188e1498cf4906e02015b7c\"\u003e\u003ccode\u003e01ed3aa\u003c/code\u003e\u003c/a\u003e test: add unit tests for unicode utilities (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20622\"\u003e#20622\u003c/a\u003e) (Manish chaudhary)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4d1d8f9737236603f64bbe83d5bb8001627b5611\"\u003e\u003ccode\u003e4d1d8f9\u003c/code\u003e\u003c/a\u003e 10.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/3e33105b05d09b5a4eb894ed75a9811fb40d65e6\"\u003e\u003ccode\u003e3e33105\u003c/code\u003e\u003c/a\u003e Build: changelog update for 10.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/ca92ca0fb4599e8de1e2fb914e695fe7397cbe63\"\u003e\u003ccode\u003eca92ca0\u003c/code\u003e\u003c/a\u003e docs: reuse markdown-it instance for markdown filter (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20768\"\u003e#20768\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7ddfea9c4f62add1588c5c0b0da568c299246383\"\u003e\u003ccode\u003e7ddfea9\u003c/code\u003e\u003c/a\u003e chore: update dependency prettier to v3.8.2 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20770\"\u003e#20770\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/57d2ee213305cee0cb55ef08e0480b57396269a9\"\u003e\u003ccode\u003e57d2ee2\u003c/code\u003e\u003c/a\u003e docs:  Enable Eleventy incremental mode for watch (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20767\"\u003e#20767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/c1621b915742276e5f4b25efe790ca62296330dc\"\u003e\u003ccode\u003ec1621b9\u003c/code\u003e\u003c/a\u003e docs: fix typos in code-path-analyzer.js (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20700\"\u003e#20700\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/fac40e1de2ba7646cc7cd2d3f93fbdd1f8819001\"\u003e\u003ccode\u003efac40e1\u003c/code\u003e\u003c/a\u003e ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20763\"\u003e#20763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/7246f923332522d8b3d46b6ee646fce88535f3fb\"\u003e\u003ccode\u003e7246f92\u003c/code\u003e\u003c/a\u003e test: add tests for SuppressionsService.load() error handling (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20734\"\u003e#20734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/4f34b1e592b0f63d766d9903998e8e36eb49d3aa\"\u003e\u003ccode\u003e4f34b1e\u003c/code\u003e\u003c/a\u003e chore: update pnpm/action-setup action to v5 (\u003ca href=\"https://redirect.github.com/eslint/eslint/issues/20762\"\u003e#20762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eslint/eslint/commit/1418d522d10bde1960f4942afb548bc7160ec49e\"\u003e\u003ccode\u003e1418d52\u003c/code\u003e\u003c/a\u003e docs: Update README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eslint/eslint/compare/v10.1.0...v10.2.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `globals` from 17.4.0 to 17.5.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sindresorhus/globals/releases\"\u003eglobals's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev17.5.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate globals (2026-04-12) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/342\"\u003e#342\u003c/a\u003e)  5d84602\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\"\u003ehttps://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/b8170c8e1d648291b613c5b39a69652c796fa36c\"\u003e\u003ccode\u003eb8170c8\u003c/code\u003e\u003c/a\u003e 17.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/5d846029679832931f38ced6381cc95bcb9abd80\"\u003e\u003ccode\u003e5d84602\u003c/code\u003e\u003c/a\u003e Update globals (2026-04-12) (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/342\"\u003e#342\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sindresorhus/globals/commit/1b727e5f4cc39121b8e77b9f27574a8ca27391fc\"\u003e\u003ccode\u003e1b727e5\u003c/code\u003e\u003c/a\u003e Fix build script for ES globals (\u003ca href=\"https://redirect.github.com/sindresorhus/globals/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/sindresorhus/globals/compare/v17.4.0...v17.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `prettier` from 3.8.1 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/releases\"\u003eprettier's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003eprettier/prettier#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/3.8.3/CHANGELOG.md#383\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e3.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport Angular v21.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e🔗 \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md#382\"\u003eChangelog\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/prettier/prettier/blob/main/CHANGELOG.md\"\u003eprettier's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e3.8.3\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.2...3.8.3\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eSCSS: Prevent trailing comma in \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18471\"\u003e#18471\u003c/a\u003e by \u003ca href=\"https://github.com/kovsu\"\u003e\u003ccode\u003e@​kovsu\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"scss\"\u003e\u003ccode\u003e// Input\n$value: if(sass(false): 1; else: -1);\n\u003cp\u003e// Prettier 3.8.2\n$value: if(\nsass(false): 1; else: -1,\n);\u003c/p\u003e\n\u003cp\u003e// Prettier 3.8.3\n$value: if(sass(false): 1; else: -1);\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003ch1\u003e3.8.2\u003c/h1\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.2\"\u003ediff\u003c/a\u003e\u003c/p\u003e\n\u003ch4\u003eAngular: Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/pull/18722\"\u003e#18722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/prettier/prettier/pull/19034\"\u003e#19034\u003c/a\u003e by \u003ca href=\"https://github.com/fisker\"\u003e\u003ccode\u003e@​fisker\u003c/code\u003e\u003c/a\u003e)\u003c/h4\u003e\n\u003cp\u003eExhaustive typechecking with \u003ccode\u003e@default never;\u003c/code\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;!-- Input --\u0026gt;\n@switch (foo) {\n  @case (1) {}\n  @default never;\n}\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.1 --\u0026gt;\nSyntaxError: Incomplete block \u0026quot;default never\u0026quot;. If you meant to write the @ character, you should use the \u0026quot;\u0026amp;\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/64\"\u003e#64\u003c/a\u003e;\u0026quot; HTML entity instead. (3:3)\u003c/p\u003e\n\u003cp\u003e\u0026lt;!-- Prettier 3.8.2 --\u0026gt;\n\u003ca href=\"https://github.com/switch\"\u003e\u003ccode\u003e@​switch\u003c/code\u003e\u003c/a\u003e (foo) {\n\u003ca href=\"https://github.com/case\"\u003e\u003ccode\u003e@​case\u003c/code\u003e\u003c/a\u003e (1) {}\n\u003ca href=\"https://github.com/default\"\u003e\u003ccode\u003e@​default\u003c/code\u003e\u003c/a\u003e never;\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003e\u003ccode\u003earrow function\u003c/code\u003e and \u003ccode\u003einstanceof\u003c/code\u003e expressions.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cpre lang=\"html\"\u003e\u003ccode\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt; \n\u003c/code\u003e\u003c/pre\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/d7108a79ec745c04292aabf22c4c1adbd690b191\"\u003e\u003ccode\u003ed7108a7\u003c/code\u003e\u003c/a\u003e Release 3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/177f90898170d363ef64fde663e4d13170688bfe\"\u003e\u003ccode\u003e177f908\u003c/code\u003e\u003c/a\u003e Prevent trailing comma in SCSS \u003ccode\u003eif()\u003c/code\u003e function (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18471\"\u003e#18471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/1cd40668c3d6f2f4cf9d87bbc9096d92361b2606\"\u003e\u003ccode\u003e1cd4066\u003c/code\u003e\u003c/a\u003e Release \u003ccode\u003e@​prettier/plugin-oxc\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/a8700e245038cd8cc0cf28ef06ffedbcb3fc2dfc\"\u003e\u003ccode\u003ea8700e2\u003c/code\u003e\u003c/a\u003e Update oxc-parser to v0.125.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/752157c78eca6f0a30e5d5cb513b682c5ecfa01e\"\u003e\u003ccode\u003e752157c\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/053fd418e180b12fa2014260212fae831f5fc5ec\"\u003e\u003ccode\u003e053fd41\u003c/code\u003e\u003c/a\u003e Bump Prettier dependency to 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/904c6365ec46726fd0e21021c52ae934b7e5abc6\"\u003e\u003ccode\u003e904c636\u003c/code\u003e\u003c/a\u003e Clean changelog_unreleased\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/dc1f7fcc508d116cbf1644d69a1f0eb93e40d4a4\"\u003e\u003ccode\u003edc1f7fc\u003c/code\u003e\u003c/a\u003e Update dependents count\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/b31557cf331a02acf83e7e29d1001b070189a0d9\"\u003e\u003ccode\u003eb31557c\u003c/code\u003e\u003c/a\u003e Release 3.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/prettier/prettier/commit/96bbaeda0525bf758e464aed2f939d739a85c315\"\u003e\u003ccode\u003e96bbaed\u003c/code\u003e\u003c/a\u003e Support Angular v21.2 (\u003ca href=\"https://redirect.github.com/prettier/prettier/issues/18722\"\u003e#18722\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/prettier/prettier/compare/3.8.1...3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eMost Recent Ignore Conditions Applied to This Pull Request\u003c/summary\u003e\n\n| Dependency Name | Ignore Conditions |\n| --- | --- |\n| @types/node | [\u003e= 22.a, \u003c 23] |\n\u003c/details\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/gradle/actions/pull/950","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/gradle%2Factions/issues/950","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/950/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":null,"pr_created_at":"2026-04-22T16:54:19.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4310556945","node_id":"PR_kwDOL8eYqM7Us2Up","number":207,"state":"closed","title":"chore: bump @actions/http-client from 4.0.0 to 4.0.1","user":"dependabot[bot]","labels":["dependencies","javascript","Stale"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-30T00:43:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T16:54:19.000Z","updated_at":"2026-05-30T00:43:45.000Z","time_to_close":3224964,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/camptocamp/setup-dagger/pull/207","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/camptocamp%2Fsetup-dagger/issues/207","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/207/packages"}},{"old_version":"4.0.0","new_version":"4.0.1","update_type":"patch","path":"/action","pr_created_at":"2026-04-22T05:42:42.000Z","version_change":"4.0.0 → 4.0.1","issue":{"uuid":"4306946248","node_id":"PR_kwDOFMsDj87UhA8N","number":987,"state":"closed","title":"Bump @actions/http-client from 4.0.0 to 4.0.1 in /action","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-22T05:48:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T05:42:42.000Z","updated_at":"2026-04-22T05:48:10.000Z","time_to_close":326,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"4.0.0","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":"/action","ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 4.0.0 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=4.0.0\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/fuller-inc/actions-aws-assume-role/pull/987","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuller-inc%2Factions-aws-assume-role/issues/987","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/987/packages"}},{"old_version":"2.2.1","new_version":"4.0.1","update_type":"major","path":null,"pr_created_at":"2026-04-22T04:07:01.000Z","version_change":"2.2.1 → 4.0.1","issue":{"uuid":"4306636746","node_id":"PR_kwDOIiHw087UgBYD","number":13,"state":"open","title":"build(deps): bump @actions/http-client from 2.2.1 to 4.0.1","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-22T04:07:01.000Z","updated_at":"2026-04-22T04:07:02.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"@actions/http-client","old_version":"2.2.1","new_version":"4.0.1","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 4.0.1.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e6.23.0\u003c/code\u003e to \u003ccode\u003e6.24.0\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2347\"\u003e#2347\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where proxy username and password were not handled correctly \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1799\"\u003e#1799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBetter handling of url encoded usernames and passwords in proxy config \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1782\"\u003e#1782\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=2.2.1\u0026new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/go-gremlins_gremlins-action/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fgo-gremlins_gremlins-action/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"3.0.2","new_version":"4.0.0","update_type":"major","path":null,"pr_created_at":"2026-04-15T17:58:46.000Z","version_change":"3.0.2 → 4.0.0","issue":{"uuid":"4270728031","node_id":"PR_kwDOD3bUds7Suize","number":3833,"state":"closed","title":"Bump @actions/http-client from 3.0.2 to 4.0.0","user":"dependabot[bot]","labels":["size/XS"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-16T10:48:29.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-15T17:58:46.000Z","updated_at":"2026-04-16T10:48:39.000Z","time_to_close":60583,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"@actions/http-client","old_version":"3.0.2","new_version":"4.0.0","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 3.0.2 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=3.0.2\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/github/codeql-action/pull/3833","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Fcodeql-action/issues/3833","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3833/packages"}},{"old_version":"3.0.1","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-26T12:26:02.000Z","version_change":"3.0.1 → 3.0.2","issue":{"uuid":"4143418868","node_id":"PR_kwDOQAiyM87Nsza5","number":147,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-26T12:26:02.000Z","updated_at":"2026-03-26T12:26:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.18.2","new_version":"7.24.6"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.1","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.18.2 to 7.24.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFormdata tests by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4902\"\u003enodejs/undici#4902\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: add unexpected disconnect guards to more client test files by \u003ca href=\"https://github.com/samayer12\"\u003e\u003ccode\u003e@​samayer12\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4844\"\u003enodejs/undici#4844\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): only apply 1-year deleteAt for immutable responses by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4913\"\u003enodejs/undici#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4913\"\u003enodejs/undici#4913\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.4...v7.24.5\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.4...v7.24.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fetch): handle URL credentials in dispatch path extraction by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4892\"\u003enodejs/undici#4892\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.3...v7.24.4\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.3...v7.24.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(h2): TypeError: Cannot read properties of null (reading 'push') i… by \u003ca href=\"https://github.com/hxinhan\"\u003e\u003ccode\u003e@​hxinhan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4881\"\u003enodejs/undici#4881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.2...v7.24.3\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.2...v7.24.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/38eab360daff8f72927dd6083e755ca37d6d624e\"\u003e\u003ccode\u003e38eab36\u003c/code\u003e\u003c/a\u003e Bumped v7.24.6 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4931\"\u003e#4931\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/993609d269b0eca935eff67e6ecec33fcebad7c3\"\u003e\u003ccode\u003e993609d\u003c/code\u003e\u003c/a\u003e test: auto-init WPT submodule (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4930\"\u003e#4930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1eacc49375c43b70c0da9b68bd8186b3ece16ce2\"\u003e\u003ccode\u003e1eacc49\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump typescript from 5.9.3 to 6.0.2 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4926\"\u003e#4926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/b64e7e45cd805e245ccf1f2561a843fa431e2d49\"\u003e\u003ccode\u003eb64e7e4\u003c/code\u003e\u003c/a\u003e fix: avoid prototype collisions in parseHeaders (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4923\"\u003e#4923\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/deba679002094a77405e35d8003fb4c2e0948ca5\"\u003e\u003ccode\u003edeba679\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;fix: assume http/https scheme for scheme-less proxy env vars (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4914\"\u003e#4914\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/feef62bfe0b48662f71b17204b9d9fc8a6d96df7\"\u003e\u003ccode\u003efeef62b\u003c/code\u003e\u003c/a\u003e fix: support Connection header with connection-specific header names per RFC ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a613d9adb0fbf7ed726390a9f553ecfe3343b10b\"\u003e\u003ccode\u003ea613d9a\u003c/code\u003e\u003c/a\u003e docs: clarify fetch and FormData pairing (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4922\"\u003e#4922\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2ba99a3941649cd1f90495dc0715649c72a307db\"\u003e\u003ccode\u003e2ba99a3\u003c/code\u003e\u003c/a\u003e fix: wrap kConnector call in try/catch to prevent client hang (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4834\"\u003e#4834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a7398c0e881ebc8d8799b0260187ef50970260a8\"\u003e\u003ccode\u003ea7398c0\u003c/code\u003e\u003c/a\u003e fix(cache): check Authorization on request headers per RFC 9111 §3.5 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4911\"\u003e#4911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/2b2afbc0d4d73e548f3b91c9f6ae5cbb166240a0\"\u003e\u003ccode\u003e2b2afbc\u003c/code\u003e\u003c/a\u003e fix: assume http/https scheme for scheme-less proxy env vars (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4914\"\u003e#4914\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.18.2...v7.24.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.1 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ooples/token-optimizer-mcp/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ooples/token-optimizer-mcp/pull/147","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ooples%2Ftoken-optimizer-mcp/issues/147","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/147/packages"}},{"old_version":"2.2.1","new_version":"4.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-18T05:03:27.000Z","version_change":"2.2.1 → 4.0.0","issue":{"uuid":"4092743320","node_id":"PR_kwDOIiHw087LbBqp","number":7,"state":"open","title":"build(deps): bump @actions/http-client from 2.2.1 to 4.0.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-18T05:03:27.000Z","updated_at":"2026-03-18T05:03:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"@actions/http-client","old_version":"2.2.1","new_version":"4.0.0","repository_url":"https://github.com/actions/toolkit"}],"path":null,"ecosystem":"npm"},"body":"Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 4.0.0.\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where proxy username and password were not handled correctly \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1799\"\u003e#1799\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBetter handling of url encoded usernames and passwords in proxy config \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/1782\"\u003e#1782\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@actions/http-client\u0026package-manager=npm_and_yarn\u0026previous-version=2.2.1\u0026new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/actions-marketplace-validations/go-gremlins_gremlins-action/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/actions-marketplace-validations%2Fgo-gremlins_gremlins-action/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-16T07:52:31.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4080829480","node_id":"PR_kwDOLb0qOM7K1lGC","number":322,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-16T07:52:31.000Z","updated_at":"2026-03-16T07:52:47.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.1"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 5.29.0 to 6.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/deriv-com/deriv-api-docs/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/deriv-com/deriv-api-docs/pull/322","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/deriv-com%2Fderiv-api-docs/issues/322","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/322/packages"}},{"old_version":"2.2.3","new_version":"4.0.0","update_type":"major","path":null,"pr_created_at":"2026-03-14T11:26:31.000Z","version_change":"2.2.3 → 4.0.0","issue":{"uuid":"4075584237","node_id":"PR_kwDOG05L2s7Kl6Es","number":18,"state":"closed","title":"build(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T08:01:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T11:26:31.000Z","updated_at":"2026-04-03T08:01:57.000Z","time_to_close":1715724,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.1"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"2.2.3","new_version":"4.0.0"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) to 6.24.1 and updates ancestor dependency [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies need to be updated together.\n\nUpdates `undici` from 5.29.0 to 6.24.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 2.2.3 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking change\u003c/strong\u003e: Package is now ESM-only\n\u003cul\u003e\n\u003cli\u003eCommonJS consumers must use dynamic \u003ccode\u003eimport()\u003c/code\u003e instead of \u003ccode\u003erequire()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Node 24 \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2110\"\u003e#2110\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/@actions/cache@4.0.0/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e","html_url":"https://github.com/minchao/setup-gator/pull/18","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/minchao%2Fsetup-gator/issues/18","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/18/packages"}},{"old_version":"3.0.1","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T11:00:40.000Z","version_change":"3.0.1 → 3.0.2","issue":{"uuid":"4075514707","node_id":"PR_kwDOQ_QSpc7Klr0_","number":16,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T11:00:40.000Z","updated_at":"2026-03-14T11:00:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.19.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.1","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.19.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.19.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.1 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Mearman/typecheck-files/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Mearman/typecheck-files/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mearman%2Ftypecheck-files/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T10:39:57.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075460636","node_id":"PR_kwDOE_PZTs7KlgrW","number":452,"state":"closed","title":"fix: bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-18T08:43:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T10:39:57.000Z","updated_at":"2026-04-18T08:43:57.000Z","time_to_close":3017031,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/VaclavObornik/mongodash/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/VaclavObornik/mongodash/pull/452","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/VaclavObornik%2Fmongodash/issues/452","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/452/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T10:10:47.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075393162","node_id":"PR_kwDODifb8c7KlS3Y","number":1539,"state":"open","title":"fix(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","npm"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T10:10:47.000Z","updated_at":"2026-03-14T10:10:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"fix(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Kronos-Integration/service-swarm/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Kronos-Integration/service-swarm/pull/1539","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kronos-Integration%2Fservice-swarm/issues/1539","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1539/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T10:04:37.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075379208","node_id":"PR_kwDOLwOcvs7KlQO1","number":320,"state":"open","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T10:04:37.000Z","updated_at":"2026-03-14T10:04:48.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/deriv-com/webflow-deriv-com-scripts/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/deriv-com/webflow-deriv-com-scripts/pull/320","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/deriv-com%2Fwebflow-deriv-com-scripts/issues/320","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/320/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T08:37:07.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075161496","node_id":"PR_kwDOQtTXfs7KkjXf","number":8,"state":"closed","title":"chore(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript","released"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T08:41:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T08:37:07.000Z","updated_at":"2026-04-26T10:58:14.000Z","time_to_close":605076,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"7.16.0","new_version":"7.24.2"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/angristan/codex-wakatime/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/angristan/codex-wakatime/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/angristan%2Fcodex-wakatime/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T08:22:33.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075124336","node_id":"PR_kwDOQuu9v87KkbpH","number":3,"state":"closed","title":"build(deps): bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-14T09:32:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-14T08:22:33.000Z","updated_at":"2026-03-14T09:32:32.000Z","time_to_close":4198,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"undici","repository_url":"https://github.com/nodejs/undici","old_version":"5.29.0","new_version":"6.24.0"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 5.29.0 to 6.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1525: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1525\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1528: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1528\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1528\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1527: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1527\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1527\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-2229: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-2229\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-2229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eNVD CVE-2026-1526: \u003ca href=\"https://nvd.nist.gov/vuln/detail/CVE-2026-1526\"\u003ehttps://nvd.nist.gov/vuln/detail/CVE-2026-1526\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.23.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a444e4f13e8958b4e1ac42bc0d53ace7fba0a9c1\"\u003e\u003ccode\u003ea444e4f\u003c/code\u003e\u003c/a\u003e test: stabilize h2 and tls-cert-leak under current test runner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/dc032a1050d5489b8ce9b4c22aafba98a942f87b\"\u003e\u003ccode\u003edc032a1\u003c/code\u003e\u003c/a\u003e fix: h2 CI (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4395\"\u003e#4395\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4cd3f4b3a2ef910ba728c47ae78294d956410450\"\u003e\u003ccode\u003e4cd3f4b\u003c/code\u003e\u003c/a\u003e test: increase bitness in \u003ccode\u003etest/fixtures/*.pem\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/3659\"\u003e#3659\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7df6442194b7a54e9ac734335e6e0a56a9bc6666\"\u003e\u003ccode\u003e7df6442\u003c/code\u003e\u003c/a\u003e fix: adapt websocket frame-limit handling for v6 parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4e0179ae643e6f4380f24cc3683c1b1ca2afb094\"\u003e\u003ccode\u003e4e0179a\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5a97f0893b53ba7d1d5549d3df7e55d9c2673f89\"\u003e\u003ccode\u003e5a97f08\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/e43e898603dd5e0c14a75b08b83257598d664a39\"\u003e\u003ccode\u003ee43e898\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.24.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RehabAbotalep/close-sub-issues-action/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/RehabAbotalep/close-sub-issues-action/pull/3","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/RehabAbotalep%2Fclose-sub-issues-action/issues/3","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3/packages"}},{"old_version":"3.0.0","new_version":"3.0.2","update_type":"patch","path":null,"pr_created_at":"2026-03-14T08:19:24.000Z","version_change":"3.0.0 → 3.0.2","issue":{"uuid":"4075117437","node_id":"PR_kwDOA0MfWM7KkaOQ","number":517,"state":"open","title":"refactor: Bump undici and @actions/http-client","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":5,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-14T08:19:24.000Z","updated_at":"2026-03-29T03:01:30.144Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"refactor","packages":[{"name":"Bump undici"},{"name":"@actions/http-client","repository_url":"https://github.com/actions/toolkit","old_version":"3.0.0","new_version":"3.0.2"}],"path":null,"ecosystem":"npm"},"body":"Bumps [undici](https://github.com/nodejs/undici) and [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client). These dependencies needed to be updated together.\nUpdates `undici` from 7.20.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.20.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.16.0 to 7.24.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.24.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix fetch path logic by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4890\"\u003enodejs/undici#4890\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eremove maxDecompressedMessageSize by \u003ca href=\"https://github.com/KhafraDev\"\u003e\u003ccode\u003e@​KhafraDev\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4891\"\u003enodejs/undici#4891\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.1...v7.24.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003cstrong\u003eproto\u003c/strong\u003e pollution by \u003ca href=\"https://github.com/rahulyadav5524\"\u003e\u003ccode\u003e@​rahulyadav5524\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4885\"\u003enodejs/undici#4885\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.0...v7.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v7.24.0 Security Release Notes\u003c/h1\u003e\n\u003cp\u003eThis release addresses multiple security vulnerabilities in Undici.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v7 should upgrade to \u003cstrong\u003ev7.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 (Medium)\u003cbr /\u003e\nUnbounded memory consumption in deduplication interceptor response buffering (DoS risk).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2581: affected \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e7.0.0 \u0026lt; 7.24.0\u003c/code\u003e, patched \u003ccode\u003e7.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f2e155bb90b79acb6764d5b02d2879462daf0ecd\"\u003e\u003ccode\u003ef2e155b\u003c/code\u003e\u003c/a\u003e Bumped v7.24.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/4d2d1afd59a8c00002d029775859bde3d47549da\"\u003e\u003ccode\u003e4d2d1af\u003c/code\u003e\u003c/a\u003e remove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3a05a4f7dfe4257417821d4ae9da8f1f8fd227cb\"\u003e\u003ccode\u003e3a05a4f\u003c/code\u003e\u003c/a\u003e fix fetch path logic (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4890\"\u003e#4890\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/23e3cd362ba6beb3988e6a9a63000336dd219591\"\u003e\u003ccode\u003e23e3cd3\u003c/code\u003e\u003c/a\u003e Bumped v7.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3aedaa8d5f701da767616df2dced7d4daa7c1566\"\u003e\u003ccode\u003e3aedaa8\u003c/code\u003e\u003c/a\u003e remove PLAN.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/0d7ec33ff37563d3e7c98d11d7bca736f330d156\"\u003e\u003ccode\u003e0d7ec33\u003c/code\u003e\u003c/a\u003e fix: \u003cstrong\u003eproto\u003c/strong\u003e pollution (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4885\"\u003e#4885\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/07a39067a0485c1953196f500d945fe09378a176\"\u003e\u003ccode\u003e07a3906\u003c/code\u003e\u003c/a\u003e Bumped v7.24.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4887\"\u003e#4887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/74495c63ab23ef39be99983ed6de81df5d203d45\"\u003e\u003ccode\u003e74495c6\u003c/code\u003e\u003c/a\u003e fix: reject duplicate content-length and host headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84235c62e0fe7494cec13f81d5732db0859df417\"\u003e\u003ccode\u003e84235c6\u003c/code\u003e\u003c/a\u003e Fix websocket 64-bit length overflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/77594f923cef4c27ee0bad365e7b4c44a199edae\"\u003e\u003ccode\u003e77594f9\u003c/code\u003e\u003c/a\u003e fix: validate upgrade header to prevent CRLF injection\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.20.0...v7.24.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@actions/http-client` from 3.0.0 to 3.0.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md\"\u003e\u003ccode\u003e@​actions/http-client\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e from \u003ccode\u003e5.28.5\u003c/code\u003e to \u003ccode\u003e6.23.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for ACTIONS_ORCHESTRATION_ID in user-agent and default user-agent \u003ca href=\"https://redirect.github.com/actions/toolkit/pull/2229\"\u003e#2229\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/toolkit/commits/HEAD/packages/http-client\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​actions/http-client\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/parse-community/parse-server-push-adapter/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/parse-community/parse-server-push-adapter/pull/517","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/parse-community%2Fparse-server-push-adapter/issues/517","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/517/packages"}}]}