{"id":80203,"name":"basic-ftp","ecosystem":"npm","repository_url":"https://github.com/patrickjuchli/basic-ftp","issues_count":1846,"created_at":"2025-12-29T06:08:47.281Z","updated_at":"2025-12-29T06:08:47.281Z","purl":"pkg:npm/basic-ftp","metadata":{"id":1461653,"name":"basic-ftp","ecosystem":"npm","description":"FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript.","homepage":"https://github.com/patrickjuchli/basic-ftp#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/patrickjuchli/basic-ftp","keywords_array":["ftp","ftps","promise","async","await","tls","ipv6","typescript"],"namespace":null,"versions_count":113,"first_release_published_at":"2017-12-30T15:23:50.666Z","latest_release_published_at":"2025-12-27T08:22:20.315Z","latest_release_number":"5.1.0","last_synced_at":"2026-01-07T01:15:00.420Z","created_at":"2022-04-09T02:02:02.496Z","updated_at":"2026-01-07T01:15:00.421Z","registry_url":"https://www.npmjs.com/package/basic-ftp","install_command":"npm install basic-ftp","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"5.1.0"}},"repo_metadata":{"id":41537176,"uuid":"115804484","full_name":"patrickjuchli/basic-ftp","owner":"patrickjuchli","description":"FTP client for Node.js, supports FTPS over TLS, passive mode over IPv6, async/await, and Typescript.","archived":false,"fork":false,"pushed_at":"2025-12-19T18:51:20.000Z","size":1052,"stargazers_count":699,"open_issues_count":17,"forks_count":99,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-12-23T15:10:14.277Z","etag":null,"topics":["async-await","ftp","ftps","ipv6","nodejs","promise","tls","typescript"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patrickjuchli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-30T15:11:28.000Z","updated_at":"2025-12-19T18:51:24.000Z","dependencies_parsed_at":"2023-12-20T11:08:43.618Z","dependency_job_id":"b1b80d97-9e44-47ec-b54b-081138815b93","html_url":"https://github.com/patrickjuchli/basic-ftp","commit_stats":{"total_commits":851,"total_committers":17,"mean_commits":50.05882352941177,"dds":"0.025851938895417148","last_synced_commit":"6deecaf9f3aa0312c92ee96389c405b79311e862"},"previous_names":[],"tags_count":106,"template":false,"template_full_name":null,"purl":"pkg:github/patrickjuchli/basic-ftp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickjuchli","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/sbom","scorecard":{"id":722332,"data":{"date":"2025-08-11","repo":{"name":"github.com/patrickjuchli/basic-ftp","commit":"22e4bf0529352d2b439bf0d694dcf2db6ac8f661"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 2/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/codeql-analysis.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/nodejs.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/patrickjuchli/basic-ftp/nodejs.yml/master?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T11:44:33.931Z","repository_id":41537176,"created_at":"2025-08-22T11:44:33.931Z","updated_at":"2025-08-22T11:44:33.931Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27991672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-23T02:00:07.087Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"patrickjuchli","name":"Patrick Juchli","uuid":"397839","kind":"user","description":"","email":"","website":"https://patrickjuchli.com/en/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/397839?u=435f3c32b05790049a8b7b70449871fdf7304e9d\u0026v=4","repositories_count":11,"last_synced_at":"2024-03-21T09:48:16.358Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/patrickjuchli","funding_links":[],"total_stars":650,"followers":null,"following":null,"created_at":"2022-11-09T05:27:07.222Z","updated_at":"2024-03-21T09:48:18.553Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickjuchli","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patrickjuchli/repositories"},"tags":[{"name":"v5.0.5","sha":"1c92a9438704585a80aeaaad3e060382a35edad3","kind":"commit","published_at":"2024-02-27T21:05:38.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.5","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.5/manifests"},{"name":"v5.0.4","sha":"80e27be5dc562e5e18fcb2889e21d9568917dc1c","kind":"commit","published_at":"2023-12-13T19:58:11.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.4/manifests"},{"name":"v5.0.3","sha":"aa83d68f8958c4cc2684d35b2f6724afa5904adc","kind":"commit","published_at":"2023-05-05T08:12:17.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.3/manifests"},{"name":"v5.0.2","sha":"6deecaf9f3aa0312c92ee96389c405b79311e862","kind":"commit","published_at":"2022-09-01T10:52:41.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.2/manifests"},{"name":"v5.0.1","sha":"864f57e62fde72572f79509f81d976145815b82d","kind":"commit","published_at":"2022-07-21T09:24:30.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.1/manifests"},{"name":"v5.0.0","sha":"9bd6aa772524cef2800db5a71169130d18983e80","kind":"commit","published_at":"2022-07-16T07:38:37.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v5.0.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v5.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v5.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v5.0.0/manifests"},{"name":"4.6.6","sha":"80b805759413d023cc6fb0b9ae12d7d0fe8d5e27","kind":"commit","published_at":"2021-03-27T17:46:42.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/4.6.6","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/4.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@4.6.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/4.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/4.6.6/manifests"},{"name":"v4.6.5","sha":"27444603def5a4a89653e11e9c6089783bbf7c82","kind":"commit","published_at":"2021-03-26T19:49:31.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.5","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.5/manifests"},{"name":"v4.6.4","sha":"4db4f4ae4f81433adb429f241ec26e2e43797e87","kind":"commit","published_at":"2021-03-24T21:02:31.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.4/manifests"},{"name":"v4.6.3","sha":"8ed3c24e56706a52653d862e61b57340dcbcb4e9","kind":"commit","published_at":"2020-10-31T08:15:36.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.3/manifests"},{"name":"v4.6.2","sha":"7dc31f9a1a4dd6720606fcbf6fbf13916d928be0","kind":"commit","published_at":"2020-07-03T07:18:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.2/manifests"},{"name":"v4.6.1","sha":"026db49d2212d0d9e99321545ecc19e74b957807","kind":"commit","published_at":"2020-06-07T05:14:19.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.1/manifests"},{"name":"v4.6.0","sha":"3bfec5f56b1393e0f2f02f8b2cc4406513bd2a4c","kind":"commit","published_at":"2020-06-06T17:50:33.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.6.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.6.0/manifests"},{"name":"v4.5.4","sha":"2c6ba44a284f4a0a6a1f1df98b7bbd7d5d62fdb5","kind":"tag","published_at":"2020-03-22T10:15:38.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.5.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.5.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.4/manifests"},{"name":"v4.5.3","sha":"f3ede38f6f0cec7761fb0c7db81ac30b5c91a5ff","kind":"tag","published_at":"2020-01-14T17:36:23.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.5.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.5.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.3/manifests"},{"name":"v4.5.2","sha":"dad3d226ec8454840a40c41f14225b2161e97615","kind":"tag","published_at":"2019-12-26T18:01:37.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.5.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.2/manifests"},{"name":"v4.5.1","sha":"1acb581dcaddc17596e780fe04628f730cbe5656","kind":"tag","published_at":"2019-11-07T17:12:40.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.5.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.1/manifests"},{"name":"v4.5.0","sha":"1e8a8144e8f0721321beac443f4f545f8ab47276","kind":"tag","published_at":"2019-11-06T13:56:01.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.5.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.5.0/manifests"},{"name":"v4.4.1","sha":"26a2f00ed82f17df6777fcbcb8aba295f7532cb7","kind":"tag","published_at":"2019-10-29T13:56:21.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.4.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.4.1/manifests"},{"name":"v4.4.0","sha":"0499592114f3becbc2d554e12ab8e10e6b21b658","kind":"tag","published_at":"2019-10-28T09:18:08.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.4.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.4.0/manifests"},{"name":"v4.3.2","sha":"8d71ddbe37b927c3fb5028e8410ab669524b9e7b","kind":"tag","published_at":"2019-10-27T11:04:54.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.3.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.2/manifests"},{"name":"v4.3.1","sha":"67690d0689e6defaf632c2b9cee311b733c7ea0f","kind":"tag","published_at":"2019-10-22T20:34:11.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.3.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.1/manifests"},{"name":"v4.3.0","sha":"dbadd6b4c636bd3173adb3a7fe4158f02814cb3f","kind":"tag","published_at":"2019-10-19T11:44:45.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.3.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.3.0/manifests"},{"name":"v4.2.1","sha":"58abec8c455a87c5be8eafe54939dbf10a1ab2db","kind":"tag","published_at":"2019-10-17T13:24:32.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.2.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.2.1/manifests"},{"name":"v4.2.0","sha":"a93e1f30ae55abaafd2694e964c510f6c0f0d4c3","kind":"tag","published_at":"2019-10-13T20:29:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.2.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.2.0/manifests"},{"name":"v4.1.0","sha":"08cd4f87ba9f1dbb2b6db3b1f9844a7ec0da2b67","kind":"tag","published_at":"2019-10-09T12:46:11.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.1.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.1.0/manifests"},{"name":"v4.0.2","sha":"37a36355df0e9017cb09d89b340bd24ee574831f","kind":"tag","published_at":"2019-09-26T06:34:48.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.0.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.2/manifests"},{"name":"v4.0.1","sha":"063e0471820f61b318148afa94ad0e75cb48c199","kind":"tag","published_at":"2019-09-18T07:45:59.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.0.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.1/manifests"},{"name":"v4.0.0","sha":"8e5debbb84668040f1a417512afde275dae367c4","kind":"tag","published_at":"2019-09-13T04:50:53.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v4.0.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v4.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v4.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v4.0.0/manifests"},{"name":"v3.8.3","sha":"1b41b396bb90a295e9be630a69bbc39a72d98e0f","kind":"tag","published_at":"2019-08-29T05:21:30.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.8.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.8.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.3/manifests"},{"name":"v3.8.2","sha":"fca1005c372e1f7894ce5cc524043c07323b9f62","kind":"tag","published_at":"2019-08-28T19:35:47.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.8.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.8.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.2/manifests"},{"name":"v3.8.1","sha":"280d78828219235f67eac15fac1d155fb8ec0550","kind":"tag","published_at":"2019-08-14T18:05:50.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.8.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.1/manifests"},{"name":"v3.8.0","sha":"df70dbf1aeeb33f36ca87bd49f7ef8bc78c6bd92","kind":"tag","published_at":"2019-07-25T16:05:51.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.8.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.8.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.8.0/manifests"},{"name":"v3.7.1","sha":"7a2f635fc3f6c7796cd5507d9cef3d3034aeaa86","kind":"tag","published_at":"2019-07-19T07:11:11.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.7.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.7.1/manifests"},{"name":"v3.7.0","sha":"8ea7c4258505d6e2d5f43efe130c52e73cc1658d","kind":"tag","published_at":"2019-06-26T12:16:01.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.7.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.7.0/manifests"},{"name":"v3.6.0","sha":"b5bd1b7dd1db17b5653331a27ce1c643faa379f6","kind":"tag","published_at":"2019-06-05T13:25:56.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.6.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.6.0/manifests"},{"name":"v3.5.0","sha":"f7f4302c90483296be5f9a76be4d92930da24e66","kind":"tag","published_at":"2019-04-19T07:28:16.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.5.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.5.0/manifests"},{"name":"v3.4.4","sha":"bfb84f30151d0caae27c1fe0d24da2bfffefc697","kind":"tag","published_at":"2019-03-20T09:22:13.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.4.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.4.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.4.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.4/manifests"},{"name":"v3.4.3","sha":"23236bf595a8766a8d84d58f5517a034be3ec8cb","kind":"tag","published_at":"2019-03-05T13:31:43.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.4.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.4.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.3/manifests"},{"name":"v3.4.2","sha":"ec464e88599cb7555ac54334cb60b958c58383e5","kind":"tag","published_at":"2019-02-26T14:23:37.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.4.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.2/manifests"},{"name":"v3.4.1","sha":"5ae8531c7b35f651d57a575883ebe448ac229995","kind":"tag","published_at":"2019-02-23T19:57:28.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.4.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.1/manifests"},{"name":"v3.4.0","sha":"a4fcc6f911402913a02a4c769921763c11fcdba6","kind":"tag","published_at":"2019-02-23T13:17:37.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.4.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.4.0/manifests"},{"name":"v3.3.1","sha":"bc3d03c424ea2b9ee89ac1d6cb1c2394927a4863","kind":"tag","published_at":"2019-02-19T07:04:15.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.3.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.3.1/manifests"},{"name":"v3.3.0","sha":"f5da3ff41a4bdb0270c5fd6ed14824e88e4422fa","kind":"tag","published_at":"2019-02-18T16:21:00.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.3.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.3.0/manifests"},{"name":"v3.2.2","sha":"92c9875609fb3c00b369475792fe41f2e5b1940c","kind":"tag","published_at":"2019-02-18T10:01:52.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.2.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.2/manifests"},{"name":"v3.2.1","sha":"2c8497bb454ec84e9b319bf64869361019bdb537","kind":"tag","published_at":"2019-02-16T08:59:26.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.2.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.1/manifests"},{"name":"v3.2.0","sha":"08b17d83ec374d42140097ef648845818d1bfeb4","kind":"tag","published_at":"2019-02-15T15:11:16.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.2.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.2.0/manifests"},{"name":"v3.1.1","sha":"b063cafb2cdc2318c5920cf1d63a906bcd2f315e","kind":"tag","published_at":"2019-01-20T18:48:35.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.1.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.1.1/manifests"},{"name":"v3.1.0","sha":"ac00625e89372efdcd62d2361147af0e4b3ebb3f","kind":"tag","published_at":"2019-01-11T08:39:07.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.1.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.1.0/manifests"},{"name":"v3.0.0","sha":"1b8ae5a577f6fad996eac4ffb6553593900ddcb8","kind":"tag","published_at":"2019-01-03T19:39:59.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v3.0.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v3.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v3.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v3.0.0/manifests"},{"name":"v2.17.1","sha":"6909f1615674c4b07bfc383f83e0dc73fdd0e145","kind":"tag","published_at":"2018-12-29T09:54:10.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.17.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.17.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.17.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.17.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.17.1/manifests"},{"name":"v2.17.0","sha":"9572a2ce24541e08ab75b3ff31b459aeb7c79c17","kind":"tag","published_at":"2018-12-04T18:57:06.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.17.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.17.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.17.0/manifests"},{"name":"v2.16.1","sha":"e6203584e4fdcb8e9d2424ba49375c8205d02277","kind":"tag","published_at":"2018-12-01T15:36:05.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.16.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.16.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.16.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.16.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.16.1/manifests"},{"name":"v2.16.0","sha":"d8029d07b3e0859f3912c291a39d8cb05d0c9dda","kind":"tag","published_at":"2018-11-14T21:41:24.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.16.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.16.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.16.0/manifests"},{"name":"v2.15.0","sha":"d0d75c4b2fbb473e992868aa94df67f3b1a90ce8","kind":"tag","published_at":"2018-10-31T20:42:37.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.15.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.15.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.15.0/manifests"},{"name":"v2.14.4","sha":"e75b70515a81586bd322598e478b53bb56e2bd4b","kind":"tag","published_at":"2018-10-24T19:18:03.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.14.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.14.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.14.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.4/manifests"},{"name":"v2.14.3","sha":"2465775df11f56ec50b9302eb734c13892d4c546","kind":"tag","published_at":"2018-10-07T18:00:00.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.14.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.14.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.14.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.3/manifests"},{"name":"v2.14.2","sha":"1e65d2ca5bd2863c5044f63a358f4e5d852375d2","kind":"tag","published_at":"2018-10-03T05:45:22.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.14.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.14.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.14.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.2/manifests"},{"name":"v2.14.1","sha":"b7c2b4c8e4442998cfe3c82e1d386c09a9d3b35c","kind":"tag","published_at":"2018-10-03T05:38:25.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.14.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.14.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.14.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.1/manifests"},{"name":"v2.14.0","sha":"71f4701a6f462377b0ff0d6381d329112726a6ba","kind":"tag","published_at":"2018-09-27T06:02:22.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.14.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.14.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.14.0/manifests"},{"name":"v2.13.2","sha":"52b5ebdd9486cad6a5c8f3bd30a7c6dd167f9829","kind":"tag","published_at":"2018-06-30T13:11:22.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.13.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.13.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.2/manifests"},{"name":"v2.13.1","sha":"cc83329135e4b024c0bbdbbf9240478ff3418a3f","kind":"tag","published_at":"2018-06-09T17:32:56.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.13.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.13.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.1/manifests"},{"name":"v2.13.0","sha":"542ce43aec992ba6d88f54f2fef281dcd2aad8d8","kind":"tag","published_at":"2018-06-05T20:06:08.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.13.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.13.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.13.0/manifests"},{"name":"v2.12.3","sha":"092c29720715d9096bda60854be658e6fa69c17c","kind":"tag","published_at":"2018-05-27T09:50:30.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.12.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.12.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.12.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.3/manifests"},{"name":"v2.12.2","sha":"98978f9ca78ab371001bdbf99085ee8c953b919f","kind":"tag","published_at":"2018-05-18T19:08:27.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.12.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.12.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.12.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.2/manifests"},{"name":"v2.12.1","sha":"00e6e3d987579fd8ce9ff8472cee16bcf3b84c2c","kind":"tag","published_at":"2018-05-18T15:19:42.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.12.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.12.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.12.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.1/manifests"},{"name":"v2.12.0","sha":"1c8f44b0ab6515d7ab703f68403a8da6a5b5046e","kind":"tag","published_at":"2018-05-11T15:47:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.12.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.12.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.12.0/manifests"},{"name":"v2.11.0","sha":"0e2555f2c3272f5f4a62cfeb071a3b68ecbac343","kind":"tag","published_at":"2018-04-30T16:57:39.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.11.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.11.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.11.0/manifests"},{"name":"v2.10.0","sha":"c5daa72a6223fe25ffde49118177e18417b00021","kind":"tag","published_at":"2018-04-23T20:11:00.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.10.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.10.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.10.0/manifests"},{"name":"v2.9.2","sha":"95ff793953801008c26c719516296bbd14dd8b4e","kind":"tag","published_at":"2018-04-04T19:32:35.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.9.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.9.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.9.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.2/manifests"},{"name":"v2.9.1","sha":"44b64e38a97a53a6897db55eb0d45a28f89598c2","kind":"tag","published_at":"2018-03-28T11:09:16.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.9.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.9.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.9.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.1/manifests"},{"name":"v2.9.0","sha":"f4dada9373271daaa5e65935d8187fad743f121c","kind":"tag","published_at":"2018-03-17T10:05:10.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.9.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.9.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.9.0/manifests"},{"name":"v2.8.3","sha":"07af61fa353f485cbc0741d00e24e3ccdd68d87d","kind":"tag","published_at":"2018-02-28T18:13:23.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.8.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.8.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.8.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.3/manifests"},{"name":"v2.8.2","sha":"d19d6f8cc6262ed35c404169db2507b43ac9ba7a","kind":"tag","published_at":"2018-02-12T18:10:19.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.8.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.8.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.8.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.2/manifests"},{"name":"v2.8.1","sha":"f3f80976c21623e50f51cab48a2fc1b766f8bc37","kind":"tag","published_at":"2018-02-08T17:57:06.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.8.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.8.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.8.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.1/manifests"},{"name":"v2.8.0","sha":"bc93080f0223067665021001f94bc19619be8968","kind":"tag","published_at":"2018-02-03T06:52:54.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.8.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.8.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.8.0/manifests"},{"name":"v2.7.1","sha":"27e90d8b50271c229ac59d914c16b9bd13d8712d","kind":"tag","published_at":"2018-01-31T13:02:30.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.7.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.7.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.7.1/manifests"},{"name":"v2.7.0","sha":"251191cc2c2d8b0aa208777e1c32dc42a8904383","kind":"tag","published_at":"2018-01-31T12:56:01.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.7.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.7.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.7.0/manifests"},{"name":"v2.6.2","sha":"838de7f0688634bcf4aff67ab7c869b24ce00f02","kind":"tag","published_at":"2018-01-30T21:11:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.6.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.6.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.2/manifests"},{"name":"v2.6.1","sha":"624ce1caec7c273190e63150ec5063a6df6c756d","kind":"tag","published_at":"2018-01-29T16:18:42.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.6.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.6.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.1/manifests"},{"name":"v2.6.0","sha":"345cae67fd86fb42c935886cbc696eb503a2d831","kind":"tag","published_at":"2018-01-29T11:25:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.6.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.6.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.6.0/manifests"},{"name":"v2.5.2","sha":"0e78c6ab45a29c0a89f259cd0de24d3f2788ea2f","kind":"tag","published_at":"2018-01-24T18:09:33.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.5.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.5.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.2/manifests"},{"name":"v2.5.1","sha":"37a4d6ab1a018c929f0ac7a85b1367e7e20ef3d0","kind":"tag","published_at":"2018-01-24T10:06:52.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.5.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.1/manifests"},{"name":"v2.5.0","sha":"ccfa95fe4c8b2a816f3ea3a704ed56c6f90cce6c","kind":"tag","published_at":"2018-01-24T10:04:25.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.5.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.5.0/manifests"},{"name":"v2.4.2","sha":"1fb6d04bc34a85be555ec55d1ba6c31fa45d1051","kind":"commit","published_at":"2018-01-20T12:39:13.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.4.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.4.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.2/manifests"},{"name":"v2.4.1","sha":"6322a864584c95b62687b23cd37e57905663ca6c","kind":"commit","published_at":"2018-01-20T11:47:54.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.4.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.4.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.1/manifests"},{"name":"v2.4.0","sha":"306418be304fdeac9cf9b0ec52fef67458da793f","kind":"tag","published_at":"2018-01-15T21:32:22.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.4.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.4.0/manifests"},{"name":"v2.3.3","sha":"070324be160af7f7e1408823eaa61c95b34fef0a","kind":"tag","published_at":"2018-01-14T17:55:04.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.3.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.3.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.3/manifests"},{"name":"v2.3.2","sha":"f378b1b47dca0dd6aad8b98fa059994c74899039","kind":"tag","published_at":"2018-01-14T15:45:41.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.3.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.3.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.2/manifests"},{"name":"v2.3.1","sha":"f31e1b396304968faca207b259399663e54a2134","kind":"tag","published_at":"2018-01-14T08:49:26.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.3.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.3.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.1/manifests"},{"name":"v2.3.0","sha":"0b94f445c32fab5741621e5f25be0b4e2d0c3852","kind":"tag","published_at":"2018-01-13T21:04:02.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.3.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.3.0/manifests"},{"name":"v2.2.1","sha":"bcbe53c1c4bfe7a0bdddb053bd236853f1f27dbe","kind":"tag","published_at":"2018-01-13T20:38:27.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.2.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"3d7a0690205e78c7792724f013ef3910e0ef77aa","kind":"tag","published_at":"2018-01-13T17:30:59.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.2.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.2.0/manifests"},{"name":"v2.1.0","sha":"c4a3c00eec9753fb4fa684967fda7c76c43e1f7d","kind":"tag","published_at":"2018-01-12T19:14:04.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.1.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.1.0/manifests"},{"name":"v2.0.0","sha":"0392e12a52d3ab2cacca643b582b1f2b898b0836","kind":"tag","published_at":"2018-01-10T12:37:38.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v2.0.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v2.0.0/manifests"},{"name":"v1.2.0","sha":"e55c94c461a5ab0c0740221458222e8773faa908","kind":"tag","published_at":"2018-01-07T08:22:16.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.2.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.2.0/manifests"},{"name":"v1.1.1","sha":"a354d92fc576e4e98c61fa319e3f879b3991b0ae","kind":"tag","published_at":"2018-01-06T18:03:14.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.1.1","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.1.1/manifests"},{"name":"v1.1.0","sha":"3d663e02aaf7169eb6fe07dd7250ef0dfd9d6280","kind":"tag","published_at":"2018-01-06T17:07:58.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.1.0","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.1.0/manifests"},{"name":"v1.0.9","sha":"2d35713910994baaabcf78dcc805cd8996dd3bbd","kind":"tag","published_at":"2018-01-04T21:00:28.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.9","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.9","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.9","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.9/manifests"},{"name":"v1.0.8","sha":"e3ff76ad996a48291e96212c301554a8a72cf190","kind":"tag","published_at":"2018-01-04T17:03:54.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.8","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.8","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.8","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.8/manifests"},{"name":"v1.0.7","sha":"cdbca2c538820c15fdadac8be6aea8931fd891ea","kind":"tag","published_at":"2018-01-04T06:34:18.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.7","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.7","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.7","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.7/manifests"},{"name":"1.0.6","sha":"fad9e33b2fb8b6e8adf241136449acb71b09a724","kind":"tag","published_at":"2018-01-03T11:50:10.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/1.0.6","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/1.0.6","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@1.0.6","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/1.0.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/1.0.6/manifests"},{"name":"v1.0.5","sha":"4789d0bbb9c69495ae575a5b2b01ddaf0c1cd80a","kind":"tag","published_at":"2018-01-02T14:36:31.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.5","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.5","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.5","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.5/manifests"},{"name":"v1.0.4","sha":"749d64f17b5afcbcec024c980c23709165a24d03","kind":"tag","published_at":"2017-12-31T17:18:38.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.4","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.4","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.4/manifests"},{"name":"v1.0.3","sha":"964b3ece50267c599c3169b0f9c57f8796149b57","kind":"tag","published_at":"2017-12-31T17:18:24.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.3","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.3/manifests"},{"name":"v1.0.2","sha":"ab8d752c781aedfee1b681bb8344a2789c265bf2","kind":"tag","published_at":"2017-12-30T23:15:51.000Z","download_url":"https://codeload.github.com/patrickjuchli/basic-ftp/tar.gz/v1.0.2","html_url":"https://github.com/patrickjuchli/basic-ftp/releases/tag/v1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/patrickjuchli/basic-ftp@v1.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/tags/v1.0.2/manifests"}]},"repo_metadata_updated_at":"2026-01-03T10:44:52.532Z","dependent_packages_count":271,"downloads":50604527,"downloads_period":"last-month","dependent_repos_count":5188,"rankings":{"downloads":0.058346411764126076,"dependent_repos_count":0.3186464289586576,"dependent_packages_count":0.18423885723172423,"stargazers_count":2.803858584287703,"forks_count":3.267645477235864,"docker_downloads_count":0.8606574882184603,"average":1.2488988746160892},"purl":"pkg:npm/basic-ftp","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/basic-ftp","docker_dependents_count":819,"docker_downloads_count":2145156376,"usage_url":"https://repos.ecosyste.ms/usage/npm/basic-ftp","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/basic-ftp/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2025-12-28T14:07:46.327Z","issues_count":121,"pull_requests_count":24,"avg_time_to_close_issue":7896057.074766356,"avg_time_to_close_pull_request":18576071.833333332,"issues_closed_count":107,"pull_requests_closed_count":18,"pull_request_authors_count":17,"issue_authors_count":105,"avg_comments_per_issue":2.8264462809917354,"avg_comments_per_pull_request":1.625,"merged_pull_requests_count":9,"bot_issues_count":0,"bot_pull_requests_count":4,"past_year_issues_count":10,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":9028151.0,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":5,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":1,"past_year_issue_authors_count":8,"past_year_avg_comments_per_issue":0.6,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/patrickjuchli%2Fbasic-ftp/issues","maintainers":[{"login":"patrickjuchli","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/patrickjuchli"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/basic-ftp/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/basic-ftp/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/basic-ftp/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/basic-ftp/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/basic-ftp/codemeta","maintainers":[{"uuid":"patrickjuchli","login":"patrickjuchli","name":null,"email":"patrickjuchli@gmail.com","url":null,"packages_count":1,"html_url":"https://www.npmjs.com/~patrickjuchli","role":null,"created_at":"2022-11-11T13:50:28.626Z","updated_at":"2022-11-11T13:50:28.626Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/patrickjuchli/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5292662,"maintainers_count":1098739,"namespaces_count":338157,"keywords_count":767982,"github":"npm","metadata":{"funded_packages_count":159668},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2026-01-06T06:34:51.272Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":1366,"unique_repositories_count_past_30_days":896,"recent_issues":[{"uuid":"4341754387","node_id":"PR_kwDOMbEDbc7WQp5z","number":507,"state":"open","title":"Bump basic-ftp from 5.2.1 to 5.3.1","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T08:42:20.000Z","updated_at":"2026-04-28T08:44:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"basic-ftp","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.1 to 5.3.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.1...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.1\u0026new-version=5.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DEFRA/forms-submission-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DEFRA/forms-submission-api/pull/507","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DEFRA%2Fforms-submission-api/issues/507","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/507/packages"},{"uuid":"4327207620","node_id":"PR_kwDOSBDyV87VjRzq","number":1,"state":"closed","title":"Build(deps): Bump basic-ftp from 5.2.0 to 5.3.0 in /development/fetchLicenses","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T05:44:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T05:41:30.000Z","updated_at":"2026-04-25T05:44:56.000Z","time_to_close":205,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":"/development/fetchLicenses","ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.0\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kakashijk/androidx/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kakashijk/androidx/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakashijk%2Fandroidx/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4327093295","node_id":"PR_kwDORr1rPs7Vi7lM","number":64,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T04:45:40.000Z","updated_at":"2026-04-25T04:48:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@nestjs/core","old_version":"11.1.16","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"axios","old_version":"1.13.5","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.3.3","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"drizzle-orm","old_version":"0.44.7","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"next","old_version":"14.2.35","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"electron","old_version":"36.0.1","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"protobufjs","old_version":"7.5.3","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.16` | `11.1.18` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.0` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.44.7` | `0.45.2` |\n| [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.15` |\n| [electron](https://github.com/electron/electron) | `36.0.1` | `39.8.5` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.5` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n\nBumps the npm_and_yarn group with 4 updates in the /packages/twenty-apps/internal/call-recording directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [axios](https://github.com/axios/axios), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-companion directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-server directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) and [dompurify](https://github.com/cure53/DOMPurify).\nBumps the npm_and_yarn group with 4 updates in the /packages/twenty-server/src/engine/core-modules/application/application-package/constants/seed-dependencies directory: [axios](https://github.com/axios/axios), [nodemailer](https://github.com/nodemailer/nodemailer), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-server/src/engine/core-modules/logic-function/logic-function-drivers/constants/common-layer-dependencies directory: [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-website directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [next](https://github.com/vercel/next.js).\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.16 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e\u003ccode\u003e@​nestjs/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.3 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.3...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 8.0.4 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `drizzle-orm` from 0.44.7 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.44.7...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.35 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.35...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 36.0.1 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v36.0.1...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Action...\n\n_Description has been truncated_","html_url":"https://github.com/jeremydh911/CRM/pull/64","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremydh911%2FCRM/issues/64","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/64/packages"},{"uuid":"4327084431","node_id":"PR_kwDORr1rPs7Vi5tv","number":59,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T04:46:24.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T04:41:39.000Z","updated_at":"2026-04-25T04:46:26.000Z","time_to_close":285,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@nestjs/core","old_version":"11.1.16","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"drizzle-orm","old_version":"0.44.7","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"next","old_version":"14.2.35","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"electron","old_version":"36.0.1","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.16` | `11.1.18` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.44.7` | `0.45.2` |\n| [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.15` |\n| [electron](https://github.com/electron/electron) | `36.0.1` | `39.8.5` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n\nBumps the npm_and_yarn group with 3 updates in the /packages/twenty-apps/internal/call-recording directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-companion directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-server directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core).\nBumps the npm_and_yarn group with 3 updates in the /packages/twenty-server/src/engine/core-modules/application/application-package/constants/seed-dependencies directory: [nodemailer](https://github.com/nodemailer/nodemailer), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-server/src/engine/core-modules/logic-function/logic-function-drivers/constants/common-layer-dependencies directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-website directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [next](https://github.com/vercel/next.js).\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.16 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e\u003ccode\u003e@​nestjs/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 8.0.4 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `drizzle-orm` from 0.44.7 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.44.7...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.35 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.35...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 36.0.1 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v36.0.1...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/jeremydh911/CRM/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremydh911%2FCRM/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"},{"uuid":"4326802273","node_id":"PR_kwDORuCjd87ViADx","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T02:49:16.000Z","updated_at":"2026-04-25T02:49:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":6,"packages":[{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"openclaw","old_version":"2026.2.17","new_version":"2026.4.23","repository_url":"https://github.com/openclaw/openclaw"},{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.0"},{"name":"fast-xml-parser","old_version":"5.3.6","new_version":"5.7.1"},{"name":"hono","old_version":"4.11.10","new_version":"4.12.15"},{"name":"protobufjs","old_version":"6.8.8","new_version":"7.5.4"},{"name":"openclaw","old_version":"2026.2.17","new_version":"2026.4.23","repository_url":"https://github.com/openclaw/openclaw"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [@hono/node-server](https://github.com/honojs/node-server) and [openclaw](https://github.com/openclaw/openclaw).\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e\u003ccode\u003e@​hono/node-server\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openclaw` from 2026.2.17 to 2026.4.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openclaw/openclaw/releases\"\u003eopenclaw's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopenclaw 2026.4.23\u003c/h2\u003e\n\u003ch2\u003e2026.4.23\u003c/h2\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProviders/OpenAI: add image generation and reference-image editing through Codex OAuth, so \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e works without an \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70703\"\u003e#70703\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: add image generation and reference-image editing through \u003ccode\u003eimage_generate\u003c/code\u003e, so OpenRouter image models work with \u003ccode\u003eOPENROUTER_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/55066\"\u003e#55066\u003c/a\u003e via \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67668\"\u003e#67668\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/notamicrodose\"\u003e\u003ccode\u003e@​notamicrodose\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImage generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the \u003ccode\u003eimage_generate\u003c/code\u003e tool. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70503\"\u003e#70503\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/ottodeng\"\u003e\u003ccode\u003e@​ottodeng\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/subagents: add optional forked context for native \u003ccode\u003esessions_spawn\u003c/code\u003e runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.\u003c/li\u003e\n\u003cli\u003eAgents/tools: add optional per-call \u003ccode\u003etimeoutMs\u003c/code\u003e support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.\u003c/li\u003e\n\u003cli\u003eMemory/local embeddings: add configurable \u003ccode\u003ememorySearch.local.contextSize\u003c/code\u003e with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70544\"\u003e#70544\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/aalekh-sarvam\"\u003e\u003ccode\u003e@​aalekh-sarvam\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDependencies/Pi: update bundled Pi packages to \u003ccode\u003e0.70.0\u003c/code\u003e, use Pi's upstream \u003ccode\u003egpt-5.5\u003c/code\u003e catalog metadata for OpenAI and OpenAI Codex, and keep only local \u003ccode\u003egpt-5.5-pro\u003c/code\u003e forward-compat handling.\u003c/li\u003e\n\u003cli\u003eCodex harness: add structured debug logging for embedded harness selection decisions so \u003ccode\u003e/status\u003c/code\u003e stays simple while gateway logs explain auto-selection and Pi fallback reasons. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70760\"\u003e#70760\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/100yenadmin\"\u003e\u003ccode\u003e@​100yenadmin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCodex harness: route native \u003ccode\u003erequest_user_input\u003c/code\u003e prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.\u003c/li\u003e\n\u003cli\u003eCodex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70809\"\u003e#70809\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/jalehman\"\u003e\u003ccode\u003e@​jalehman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70932\"\u003e#70932\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBlock streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70921\"\u003e#70921\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex harness/Windows: resolve npm-installed \u003ccode\u003ecodex.cmd\u003c/code\u003e shims through PATHEXT before starting the native app-server, so \u003ccode\u003ecodex/*\u003c/code\u003e models work without a manual \u003ccode\u003e.exe\u003c/code\u003e shim. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70913\"\u003e#70913\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSlack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal \u0026quot;Working…\u0026quot; traces no longer leak into rooms. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70912\"\u003e#70912\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/61556\"\u003e#61556\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/VictorJeon\"\u003e\u003ccode\u003e@​VictorJeon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eTelegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits \u003ccode\u003e![https://github.com/openclaw/openclaw/blob/HEAD/...](https://github.com/openclaw/openclaw/blob/HEAD/...)\u003c/code\u003e instead of a \u003ccode\u003eMEDIA:\u003c/code\u003e token. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/66191\"\u003e#66191\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/apezam\"\u003e\u003ccode\u003e@​apezam\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging \u003ccode\u003esurface_error\u003c/code\u003e and leaving webchat with no rendered error. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70124\"\u003e#70124\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70848\"\u003e#70848\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks \u003ca href=\"https://github.com/mcaxtr\"\u003e\u003ccode\u003e@​mcaxtr\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/CLI: declare the built-in \u003ccode\u003elocal\u003c/code\u003e embedding provider in the memory-core manifest, so standalone \u003ccode\u003eopenclaw memory status\u003c/code\u003e, \u003ccode\u003eindex\u003c/code\u003e, and \u003ccode\u003esearch\u003c/code\u003e can resolve local embeddings just like the gateway runtime. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70836\"\u003e#70836\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70873\"\u003e#70873\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/mattznojassist\"\u003e\u003ccode\u003e@​mattznojassist\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/68513\"\u003e#68513\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/44276\"\u003e#44276\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/51656\"\u003e#51656\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70212\"\u003e#70212\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.\u003c/li\u003e\n\u003cli\u003eMedia understanding: honor explicit image-model configuration before native-vision skips, including \u003ccode\u003eagents.defaults.imageModel\u003c/code\u003e, \u003ccode\u003etools.media.image.models\u003c/code\u003e, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/47614\"\u003e#47614\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/63722\"\u003e#63722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/69171\"\u003e#69171\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex/media understanding: support \u003ccode\u003ecodex/*\u003c/code\u003e image models through bounded Codex app-server image turns, while keeping \u003ccode\u003eopenai-codex/*\u003c/code\u003e on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70201\"\u003e#70201\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI Codex: synthesize the \u003ccode\u003eopenai-codex/gpt-5.5\u003c/code\u003e OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with \u003ccode\u003eUnknown model\u003c/code\u003e while the account is authenticated.\u003c/li\u003e\n\u003cli\u003eModels/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70820\"\u003e#70820\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: route \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e through configured Codex OAuth directly when an \u003ccode\u003eopenai-codex\u003c/code\u003e profile is active, instead of probing \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e first.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eOpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference \u003ccode\u003egpt-image-2\u003c/code\u003e edits. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70642\"\u003e#70642\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/dashhuang\"\u003e\u003ccode\u003e@​dashhuang\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70410\"\u003e#70410\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use \u003ccode\u003eimage_generate\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67216\"\u003e#67216\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70423\"\u003e#70423\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/giangthb\"\u003e\u003ccode\u003e@​giangthb\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN \u003ccode\u003eimage_generate\u003c/code\u003e routes work without disabling SSRF checks globally. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/62879\"\u003e#62879\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/seitzbg\"\u003e\u003ccode\u003e@​seitzbg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: stop advertising the removed \u003ccode\u003egpt-5.3-codex-spark\u003c/code\u003e Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70719\"\u003e#70719\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70741\"\u003e#70741\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Patrick-Erichsen\"\u003e\u003ccode\u003e@​Patrick-Erichsen\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70673\"\u003e#70673\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/chinar-amrutkar\"\u003e\u003ccode\u003e@​chinar-amrutkar\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to \u003ccode\u003eMEMORY.md\u003c/code\u003e instead of staying on broad workspace markdown indexing.\u003c/li\u003e\n\u003cli\u003eAgents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/QR: replace legacy \u003ccode\u003eqrcode-terminal\u003c/code\u003e QR rendering with bounded \u003ccode\u003eqrcode-tui\u003c/code\u003e helpers for plugin login/setup flows. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/65969\"\u003e#65969\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eVoice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/43501\"\u003e#43501\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/forrestblount\"\u003e\u003ccode\u003e@​forrestblount\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eACPX/Codex: stop materializing \u003ccode\u003eauth.json\u003c/code\u003e bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal \u003ccode\u003eCODEX_HOME\u003c/code\u003e/\u003ccode\u003e~/.codex\u003c/code\u003e auth path directly.\u003c/li\u003e\n\u003cli\u003eAuto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70258\"\u003e#70258\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/wzfukui\"\u003e\u003ccode\u003e@​wzfukui\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/sessions: extend the webchat session-mutation guard to \u003ccode\u003esessions.compact\u003c/code\u003e and \u003ccode\u003esessions.compaction.restore\u003c/code\u003e, so \u003ccode\u003eWEBCHAT_UI\u003c/code\u003e clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70716\"\u003e#70716\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/drobison00\"\u003e\u003ccode\u003e@​drobison00\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/a9797214338ba31c52c796adbb75afb16e0684a9\"\u003e\u003ccode\u003ea979721\u003c/code\u003e\u003c/a\u003e fix: stage WhatsApp runtime deps before setup login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/9b18ae877018a34933e27bb7b2986cb97e9602aa\"\u003e\u003ccode\u003e9b18ae8\u003c/code\u003e\u003c/a\u003e chore: refresh release schema version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/b42c47804b0c116abf06d4794bf4ece882d87f3b\"\u003e\u003ccode\u003eb42c478\u003c/code\u003e\u003c/a\u003e chore: release 2026.4.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/a58ee7c8bc92ad36330c3d86b19a7ba11025f826\"\u003e\u003ccode\u003ea58ee7c\u003c/code\u003e\u003c/a\u003e fix(release): accept logged cross-os agent output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/855872986ea36a42e91800d7c571bcb4fc2bab26\"\u003e\u003ccode\u003e8558729\u003c/code\u003e\u003c/a\u003e fix(release): harden subagent completion delivery\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/137e397f9c612708bcb144736aec467d4eb46030\"\u003e\u003ccode\u003e137e397\u003c/code\u003e\u003c/a\u003e fix: escape Parallels config scrub script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/0d1c97bfcc511365bec8b92e987bd72bb5843943\"\u003e\u003ccode\u003e0d1c97b\u003c/code\u003e\u003c/a\u003e fix: use node for Parallels config scrub\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/805d552601ef518c8b6f54649c453d8249eac08f\"\u003e\u003ccode\u003e805d552\u003c/code\u003e\u003c/a\u003e chore: bump release beta to 2026.4.23-beta.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/8b2bbde8a4f1632646554ea022c9f5032b6a49ba\"\u003e\u003ccode\u003e8b2bbde\u003c/code\u003e\u003c/a\u003e test: harden live docker aggregate flakes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/dc48fb756cf5de5a4ddfe1ce9fc46549e1354787\"\u003e\u003ccode\u003edc48fb7\u003c/code\u003e\u003c/a\u003e [codex] fix agent session-id routing (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70985\"\u003e#70985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openclaw/openclaw/compare/v2026.2.17...v2026.4.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for openclaw since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epreinstall\u003c/code\u003e, \u003ccode\u003epostinstall\u003c/code\u003e scripts that run during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.3.6 to 5.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003cli\u003eprepare rawAttrsForMatcher only if user sets \u003ccode\u003ejPath: false\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003efix typins and matcher instance in callbacks\u003c/h2\u003e\n\u003cp\u003ecombine typings file to avoid configuration changes\npass readonly instance of matcher to the call backs to avoid accidental push/pop call\u003c/p\u003e\n\u003ch2\u003efix bugs of entity parsing and value parsing\u003c/h2\u003e\n\u003cp\u003efix: entity expansion limits\nupdate strnum package to 2.2.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.12 / 2026-04-13\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement: update path-expression-matcher\n\u003cul\u003e\n\u003cli\u003euse proxy pattern than Proxy class\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.11 / 2026-04-08\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement\n\u003cul\u003e\n\u003cli\u003eintegrate ExpressionSet for stopNodes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.10 / 2026-04-03\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003cli\u003eprepare rawAttrsForMatcher only if user sets \u003ccode\u003ejPath: false\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/0f08303189d541b08401d15a7137dc238a815fa7\"\u003e\u003ccode\u003e0f08303\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f529642d760ef53bb9115ad4798af5dc77ac22c4\"\u003e\u003ccode\u003ef529642\u003c/code\u003e\u003c/a\u003e update to release v5.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/52a8583465d6a67ad19e86fe34714879a981c18e\"\u003e\u003ccode\u003e52a8583\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;improve performance of attributes reading\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8d187f9abaf42ebdd85623a9ae942b08e8ae5d0c\"\u003e\u003ccode\u003e8d187f9\u003c/code\u003e\u003c/a\u003e update builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/e174168a72a65a8fccad2c42bde329d2167edf27\"\u003e\u003ccode\u003ee174168\u003c/code\u003e\u003c/a\u003e improve performance of attributes reading\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/79a8dde50cebaeeda75cc1ad5b97c328da106316\"\u003e\u003ccode\u003e79a8dde\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f5cd5a595f313ed7b0820cabfa82ebdaa08651f7\"\u003e\u003ccode\u003ef5cd5a5\u003c/code\u003e\u003c/a\u003e set xml version to decoder even if attributes are ignored\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f44b9236f4bee07bba75f0549fe86c981b1aeeef\"\u003e\u003ccode\u003ef44b923\u003c/code\u003e\u003c/a\u003e remove unwanted tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/869ec8b3588304a3a6aa9f22e38445e06d4547c8\"\u003e\u003ccode\u003e869ec8b\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003e@​nodable/entities\u003c/code\u003e v2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/7cb49e51cd060caecf296fbf718a98d8c044c8c5\"\u003e\u003ccode\u003e7cb49e5\u003c/code\u003e\u003c/a\u003e update release detail\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.11.10 to 4.12.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.14...v4.12.15\"\u003ehttps://github.com/honojs/hono/compare/v4.12.14...v4.12.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f774f8df49e7ec7e205f15c5076a37132c515ebf\"\u003e\u003ccode\u003ef774f8d\u003c/code\u003e\u003c/a\u003e 4.12.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/18fe604c8cefc2628240651b1af219692e1918c1\"\u003e\u003ccode\u003e18fe604\u003c/code\u003e\u003c/a\u003e fix(jwt): support single-line PEM keys (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4889\"\u003e#4889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.11.10...v4.12.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 7.5.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/785416fd2b9827e4cb9bfccd823c3b6836baffb0\"\u003e785416f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution and tests (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/68b5339ea1936c90f526983da29b4267d20f9a51\"\u003e68b5339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e\u003ccode\u003e6406d4c\u003c/code\u003e\u003c/a\u003e fix: optimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e\u003ccode\u003e56782bf\u003c/code\u003e\u003c/a\u003e fix: reserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1dbcfe322899aca50fb82916db7802f647f23f0e\"\u003e\u003ccode\u003e1dbcfe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2035\"\u003e#2035\u003c/a\u003e from protobufjs/release-please--branches--master\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...protobufjs-v7.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openclaw` from 2026.2.17 to 2026.4.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openclaw/openclaw/releases\"\u003eopenclaw's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopenclaw 2026.4.23\u003c/h2\u003e\n\u003ch2\u003e2026.4.23\u003c/h2\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProviders/OpenAI: add image generation and reference-image editing through Codex OAuth, so \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e works without an \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70703\"\u003e#70703\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: add image generation and reference-image editing through \u003ccode\u003eimage_generate\u003c/code\u003e, so OpenRouter image models work with \u003ccode\u003eOPENROUTER_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/55066\"\u003e#55066\u003c/a\u003e via \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67668\"\u003e#67668\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/notamicrodose\"\u003e\u003ccode\u003e@​notamicrodose\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImage generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the \u003ccode\u003eimage_generate\u003c/code\u003e tool. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70503\"\u003e#70503\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/ottodeng\"\u003e\u003ccode\u003e@​ottodeng\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/subagents: add optional forked context for native \u003ccode\u003esessions_spawn\u003c/code\u003e runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.\u003c/li\u003e\n\u003cli\u003eAgents/tools: add optional per-call \u003ccode\u003etimeoutMs\u003c/code\u003e support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.\u003c/li\u003e\n\u003cli\u003eMemory/local embeddings: add configurable \u003ccode\u003ememorySearch.local.contextSize\u003c/code\u003e with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70544\"\u003e#70544\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/aalekh-sarvam\"\u003e\u003ccode\u003e@​aalekh-sarvam\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDependencies/Pi: update bundled Pi packages to \u003ccode\u003e0.70.0\u003c/code\u003e, use Pi's upstream \u003ccode\u003egpt-5.5\u003c/code\u003e catalog metadata for OpenAI and OpenAI Codex, and keep only local \u003ccode\u003egpt-5.5-pro\u003c/code\u003e forward-compat handling.\u003c/li\u003e\n\u003cli\u003eCodex harness: add structured debug logging for embedded harness selection decisions so \u003ccode\u003e/status\u003c/code\u003e stays simple while gateway logs explain auto-selection and Pi fallback reasons. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70760\"\u003e#70760\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/100yenadmin\"\u003e\u003ccode\u003e@​100yenadmin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCodex harness: route native \u003ccode\u003erequest_user_input\u003c/code\u003e prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.\u003c/li\u003e\n\u003cli\u003eCodex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70809\"\u003e#70809\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/jalehman\"\u003e\u003ccode\u003e@​jalehman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70932\"\u003e#70932\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBlock streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70921\"\u003e#70921\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex harness/Windows: resolve npm-installed \u003ccode\u003ecodex.cmd\u003c/code\u003e shims through PATHEXT before starting the native app-server, so \u003ccode\u003ecodex/*\u003c/code\u003e models work without a manual \u003ccode\u003e.exe\u003c/code\u003e shim. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70913\"\u003e#70913\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSlack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal \u0026quot;Working…\u0026quot; traces no longer leak into rooms. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70912\"\u003e#70912\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/61556\"\u003e#61556\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/VictorJeon\"\u003e\u003ccode\u003e@​VictorJeon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eTelegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits \u003ccode\u003e![https://github.com/openclaw/openclaw/blob/HEAD/...](https://github.com/openclaw/openclaw/blob/HEAD/...)\u003c/code\u003e instead of a \u003ccode\u003eMEDIA:\u003c/code\u003e token. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/66191\"\u003e#66191\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/apezam\"\u003e\u003ccode\u003e@​apezam\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging \u003ccode\u003esurface_error\u003c/code\u003e and leaving webchat with no rendered error. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70124\"\u003e#70124\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70848\"\u003e#70848\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks \u003ca href=\"https://github.com/mcaxtr\"\u003e\u003ccode\u003e@​mcaxtr\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/CLI: declare the built-in \u003ccode\u003elocal\u003c/code\u003e embedding provider in the memory-core manifest, so standalone \u003ccode\u003eopenclaw memory status\u003c/code\u003e, \u003ccode\u003eindex\u003c/code\u003e, and \u003ccode\u003esearch\u003c/code\u003e can resolve local embeddings just like the gateway runtime. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70836\"\u003e#70836\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70873\"\u003e#70873\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/mattznojassist\"\u003e\u003ccode\u003e@​mattznojassist\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/68513\"\u003e#68513\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/44276\"\u003e#44276\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/51656\"\u003e#51656\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70212\"\u003e#70212\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.\u003c/li\u003e\n\u003cli\u003eMedia understanding: honor explicit image-model configuration before native-vision skips, including \u003ccode\u003eagents.defaults.imageModel\u003c/code\u003e, \u003ccode\u003etools.media.image.models\u003c/code\u003e, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/47614\"\u003e#47614\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/63722\"\u003e#63722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/69171\"\u003e#69171\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex/media understanding: support \u003ccode\u003ecodex/*\u003c/code\u003e image models through bounded Codex app-server image turns, while keeping \u003ccode\u003eopenai-codex/*\u003c/code\u003e on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70201\"\u003e#70201\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI Codex: synthesize the \u003ccode\u003eopenai-codex/gpt-5.5\u003c/code\u003e OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with \u003ccode\u003eUnknown model\u003c/code\u003e while the account is authenticated.\u003c/li\u003e\n\u003cli\u003eModels/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70820\"\u003e#70820\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: route \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e through configured Codex OAuth directly when an \u003ccode\u003eopenai-codex\u003c/code\u003e profile is active, instead of probing \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e first.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eOpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference \u003ccode\u003egpt-image-2\u003c/code\u003e edits. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70642\"\u003e#70642\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/dashhuang\"\u003e\u003ccode\u003e@​dashhuang\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70410\"\u003e#70410\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use \u003ccode\u003eimage_generate\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67216\"\u003e#67216\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70423\"\u003e#70423\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/giangthb\"\u003e\u003ccode\u003e@​giangthb\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN \u003ccode\u003eimage_generate\u003c/code\u003e routes work without disabling SSRF checks globally. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/62879\"\u003e#62879\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/seitzbg\"\u003e\u003ccode\u003e@​seitzbg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: stop advertising the removed \u003ccode\u003egpt-5.3-codex-spark\u003c/code\u003e Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70719\"\u003e#70719\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70741\"\u003e#70741\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Patrick-Erichsen\"\u003e\u003ccode\u003e@​Patrick-Erichsen\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70673\"\u003e#70673\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/chinar-amrutkar\"\u003e\u003ccode\u003e@​chinar-amrutkar\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to \u003ccode\u003eMEMORY.md\u003c/code\u003e instead of staying on broad workspace markdown indexing.\u003c/li\u003e\n\u003cli\u003eAgents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/QR: replace legacy \u003ccode\u003eqrcode-terminal\u003c/code\u003e QR rendering with bo...\n\n_Description has been truncated_","html_url":"https://github.com/mdjahid11978-design/lossless-claw/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdjahid11978-design%2Flossless-claw/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4323552782","node_id":"PR_kwDOAicEJ87VXUqt","number":156,"state":"open","title":"chore: Bump basic-ftp from 5.2.0 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T14:21:28.000Z","updated_at":"2026-04-24T21:34:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: Bump","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/sudodoki/copy-to-clipboard/pull/156","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudodoki%2Fcopy-to-clipboard/issues/156","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/156/packages"},{"uuid":"4320213568","node_id":"PR_kwDOACQQDs7VMTkT","number":30,"state":"closed","title":"Bump basic-ftp from 5.0.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-24T03:11:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T03:00:48.000Z","updated_at":"2026-04-24T03:11:47.000Z","time_to_close":651,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.0.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.0.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sirkitree/sirkitree.github.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sirkitree/sirkitree.github.com/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sirkitree%2Fsirkitree.github.com/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"},{"uuid":"4319828498","node_id":"PR_kwDOR4yV9c7VLEBM","number":19,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T01:14:47.000Z","updated_at":"2026-04-24T01:16:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"next","old_version":"15.5.14","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"hono","old_version":"4.12.10","new_version":"4.12.14","repository_url":"https://github.com/honojs/hono"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [next](https://github.com/vercel/next.js), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [hono](https://github.com/honojs/hono).\n\nUpdates `next` from 15.5.14 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.5.14...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.10 to 4.12.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003ch3\u003eMissing validation of cookie name on write path in setCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003esetCookie()\u003c/code\u003e, \u003ccode\u003eserialize()\u003c/code\u003e, and \u003ccode\u003eserializeSigned()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm\u003c/p\u003e\n\u003ch3\u003eNon-breaking space prefix bypass in cookie name handling in getCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003egetCookie()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0\"\u003e\u003ccode\u003ecc067c8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec\"\u003e\u003ccode\u003ea586cd7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.10...v4.12.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/crisesarmiento/vision-total-ar/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/crisesarmiento/vision-total-ar/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/crisesarmiento%2Fvision-total-ar/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"},{"uuid":"4318405375","node_id":"PR_kwDON2oBcs7VGaSw","number":59,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-23T19:38:53.000Z","updated_at":"2026-04-23T19:39:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"astro","old_version":"5.16.6","new_version":"6.1.9","repository_url":"https://github.com/withastro/astro"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"dompurify","old_version":"3.3.3","new_version":"3.4.1","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"serialize-javascript","old_version":"7.0.3","new_version":"7.0.5","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.16.6` | `6.1.9` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `7.0.3` | `7.0.5` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/advanced/create-react-native-app directory: [expo](https://github.com/expo/expo/tree/HEAD/packages/expo).\nBumps the npm_and_yarn group with 2 updates in the /examples/advanced/node-modules-as-config-and-properties directory: [minimatch](https://github.com/isaacs/minimatch) and [glob](https://github.com/isaacs/node-glob).\n\nUpdates `astro` from 5.16.6 to 6.1.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003eastro's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eastro@6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16027\"\u003e#16027\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/c62516bbbf8fdf95d38293440d28221c048c41f0\"\u003e\u003ccode\u003ec62516b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fkatsuhiro\"\u003e\u003ccode\u003e@​fkatsuhiro\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16311\"\u003e#16311\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/94048f27c30f47ae0e01f90231e0496ed80595f7\"\u003e\u003ccode\u003e94048f2\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Arecsu\"\u003e\u003ccode\u003e@​Arecsu\u003c/code\u003e\u003c/a\u003e! - Fixes \u003ccode\u003e--port\u003c/code\u003e flag being ignored after a Vite-triggered server restart (e.g. when a \u003ccode\u003e.env\u003c/code\u003e file changes)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16316\"\u003e#16316\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/0fcd04cc985002b56c9e2d36bcb68da0d3f08d5f\"\u003e\u003ccode\u003e0fcd04c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes the \u003ccode\u003e/_image\u003c/code\u003e endpoint accepting an arbitrary \u003ccode\u003ef=svg\u003c/code\u003e query parameter and serving non-SVG content as \u003ccode\u003eimage/svg+xml\u003c/code\u003e. The endpoint now validates that the source is actually SVG before honoring \u003ccode\u003ef=svg\u003c/code\u003e, matching the same guard already enforced on the \u003ccode\u003e\u0026lt;Image\u0026gt;\u003c/code\u003e component path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16202\"\u003e#16202\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/b5c2fba8bf2bc315db94e525f12f7661dd357822\"\u003e\u003ccode\u003eb5c2fba\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes Actions failing with \u003ccode\u003eActionsWithoutServerOutputError\u003c/code\u003e when using \u003ccode\u003eoutput: 'static'\u003c/code\u003e with an adapter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md\"\u003eastro's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16027\"\u003e#16027\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/c62516bbbf8fdf95d38293440d28221c048c41f0\"\u003e\u003ccode\u003ec62516b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fkatsuhiro\"\u003e\u003ccode\u003e@​fkatsuhiro\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16311\"\u003e#16311\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/94048f27c30f47ae0e01f90231e0496ed80595f7\"\u003e\u003ccode\u003e94048f2\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Arecsu\"\u003e\u003ccode\u003e@​Arecsu\u003c/code\u003e\u003c/a\u003e! - Fixes \u003ccode\u003e--port\u003c/code\u003e flag being ignored after a Vite-triggered server restart (e.g. when a \u003ccode\u003e.env\u003c/code\u003e file changes)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16316\"\u003e#16316\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/0fcd04cc985002b56c9e2d36bcb68da0d3f08d5f\"\u003e\u003ccode\u003e0fcd04c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes the \u003ccode\u003e/_image\u003c/code\u003e endpoint accepting an arbitrary \u003ccode\u003ef=svg\u003c/code\u003e query parameter and serving non-SVG content as \u003ccode\u003eimage/svg+xml\u003c/code\u003e. The endpoint now validates that the source is actually SVG before honoring \u003ccode\u003ef=svg\u003c/code\u003e, matching the same guard already enforced on the \u003ccode\u003e\u0026lt;Image\u0026gt;\u003c/code\u003e component path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/21ca8723de9da123f2ee5b7acc7cbaf8f03dbec1\"\u003e\u003ccode\u003e21ca872\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16399\"\u003e#16399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Harden nested object path lookups (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16419\"\u003e#16419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Bump vite, picomatch, and unstorage to latest patch versions (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16448\"\u003e#16448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/471a4d69b9ed98d2a016660e130fc6d12ce8aa38\"\u003e\u003ccode\u003e471a4d6\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate all remaining tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16444\"\u003e#16444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e fix(astro): harden error overlay and log formatting (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16420\"\u003e#16420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e fix(astro): harden astro-island export resolution (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16422\"\u003e#16422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/8a139692a8d6b2402005ddd4bfb58b3868016ced\"\u003e\u003ccode\u003e8a13969\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 4 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16427\"\u003e#16427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/3bdc4acc94114bf04d614d80a354363a4ae9326d\"\u003e\u003ccode\u003e3bdc4ac\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate core-image tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16413\"\u003e#16413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/72e9faa22466f1ba39247bf3e6654e6ddc8dc8d9\"\u003e\u003ccode\u003e72e9faa\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 19 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16414\"\u003e#16414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1c477aa39d2d32b96f3a0498579ef5946efdde7e\"\u003e\u003ccode\u003e1c477aa\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 10 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16411\"\u003e#16411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/astro@6.1.9/packages/astro\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.3 to 3.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.3...3.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 7.0.3 to 7.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove robustness and validation for array-like object serialization.\u003c/li\u003e\n\u003cli\u003eFix an issue where certain object structures could lead to excessive CPU usage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more details, please see GHSA-qj8w-gfj5-8c6v.\u003c/p\u003e\n\u003ch2\u003ev7.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease: v7.0.4 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/211\"\u003eyahoo/serialize-javascript#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/df3f1c1fa9ca16b050ae893cb63ac23c91deed55\"\u003e\u003ccode\u003edf3f1c1\u003c/code\u003e\u003c/a\u003e release: v7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b\"\u003e\u003ccode\u003ef147e90\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/eec32e08c5ac51bba2d8042101f6d2622c133110\"\u003e\u003ccode\u003eeec32e0\u003c/code\u003e\u003c/a\u003e release: v7.0.4\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.4.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.1.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.1.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `expo` from 40.0.1 to 55.0.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expo/expo/blob/main/CHANGELOG.md\"\u003eexpo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eThis is the log of notable changes to the Expo client that are developer-facing.\nPackage-specific changes not released in any SDK will be added here just before the release. Until then, you can find them in changelogs of the individual packages (see \u003ca href=\"https://github.com/expo/expo/blob/main/packages\"\u003epackages\u003c/a\u003e directory).\u003c/p\u003e\n\u003ch2\u003eUnpublished\u003c/h2\u003e\n\u003ch3\u003e📚 3rd party library updates\u003c/h3\u003e\n\u003ch3\u003e🛠 Breaking changes\u003c/h3\u003e\n\u003ch3\u003e🎉 New features\u003c/h3\u003e\n\u003ch3\u003e🐛 Bug fixes\u003c/h3\u003e\n\u003ch2\u003e55.0.0 — 2026-02-25\u003c/h2\u003e\n\u003ch3\u003e🛠 Breaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-notifications\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eexpose \u003ccode\u003eBackgroundNotificationTaskResult\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41291\"\u003e#41291\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ios], [internal] rename \u003ccode\u003eEXNotifications\u003c/code\u003e pod to \u003ccode\u003eExpoNotifications\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42009\"\u003e#42009\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[android] throw instead of logging a warning when attempting to use push notifications with Expo Go (\u003ca href=\"https://redirect.github.com/expo/expo/pull/39459\"\u003e#39459\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-modules-core\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] Drop support for legacy architecture.\u003c/li\u003e\n\u003cli\u003e[iOS] Renamed \u003ccode\u003eignoreSafeAreaKeyboardInsets\u003c/code\u003e to \u003ccode\u003eignoreSafeArea\u003c/code\u003e on \u003ccode\u003eHost\u003c/code\u003e component. It now accepts \u003ccode\u003e'all'\u003c/code\u003e or \u003ccode\u003e'keyboard'\u003c/code\u003e instead of a boolean. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42598\"\u003e#42598\u003c/a\u003e by \u003ca href=\"https://github.com/intergalacticspacehighway\"\u003e\u003ccode\u003e@​nishan\u003c/code\u003e\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42598\"\u003e#42598\u003c/a\u003e by \u003ca href=\"https://github.com/intergalacticspacehighway\"\u003e\u003ccode\u003e@​intergalacticspacehighway\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-localization\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] Default allowDynamicLocaleChangesAndroid to true when supportedLocales is configured (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41813\"\u003e#41813\u003c/a\u003e by \u003ca href=\"https://github.com/Ubax\"\u003e\u003ccode\u003e@​Ubax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-image-loader\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eiOS implementation has been moved to \u003ccode\u003eexpo-modules-core\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41395\"\u003e#41395\u003c/a\u003e by \u003ca href=\"https://github.com/tsapeta\"\u003e\u003ccode\u003e@​tsapeta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-clipboard\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved deprecated \u003ccode\u003econtent\u003c/code\u003e property of the clipboard event listener. Use \u003ccode\u003egetStringAsync()\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41739\"\u003e#41739\u003c/a\u003e by \u003ca href=\"https://github.com/barthap\"\u003e\u003ccode\u003e@​barthap\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-cellular\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated JS constants, return \u003ccode\u003enull\u003c/code\u003e as a replacement for deprecated native iOS methods (\u003ca href=\"https://redirect.github.com/expo/expo/pull/43035\"\u003e#43035\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-brightness\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003euseSystemBrightnessAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40168\"\u003e#40168\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-blur\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] The \u003ccode\u003edimezisBlurView\u003c/code\u003e experimental blur method will no longer work without creating a related \u003ccode\u003eBlurTargetView\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/39990\"\u003e#39990\u003c/a\u003e by \u003ca href=\"https://github.com/behenate\"\u003e\u003ccode\u003e@​behenate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🎉 New features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-web-browser\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for auth universal links callback (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42695\"\u003e#42695\u003c/a\u003e by \u003ca href=\"https://github.com/gabrieldonadel\"\u003e\u003ccode\u003e@​gabrieldonadel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-sqlite\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdded SQLite inspector devtools plugin. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40872\"\u003e#40872\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/expo/expo/pull/40900\"\u003e#40900\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded tagged template literals support. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40972\"\u003e#40972\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eSQLITE_ENABLE_MATH_FUNCTIONS\u003c/code\u003e support by default. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41333\"\u003e#41333\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-speech\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ccode\u003evolume\u003c/code\u003e option on iOS and Android. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40959\"\u003e#40959\u003c/a\u003e by \u003ca href=\"https://github.com/barthap\"\u003e\u003ccode\u003e@​barthap\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-sharing\u003c/code\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/expo/expo/commits/HEAD/packages/expo\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.0.3 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/style-dictionary/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fstyle-dictionary/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"},{"uuid":"4312395395","node_id":"PR_kwDOMYk1487Uyydj","number":178,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 16 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-24T22:17:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T23:35:13.000Z","updated_at":"2026-04-24T22:17:50.000Z","time_to_close":168157,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"electron","old_version":"27.3.10","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"vite","old_version":"5.2.11","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"simple-git","old_version":"3.16.0","new_version":"3.32.3","repository_url":"https://github.com/steveukx/git-js"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"axios","old_version":"0.21.2","new_version":"0.31.0","repository_url":"https://github.com/axios/axios"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.0.3","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [electron](https://github.com/electron/electron) | `27.3.10` | `39.8.5` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.2.11` | `6.4.2` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.16.0` | `3.32.3` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [axios](https://github.com/axios/axios) | `0.21.2` | `0.31.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.3` | `5.3.0` |\n\nBumps the npm_and_yarn group with 2 updates in the /npm/vite-plugin-cypress-esm directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 1 update in the /packages/https-proxy directory: [node-forge](https://github.com/digitalbazaar/forge).\nBumps the npm_and_yarn group with 1 update in the /packages/network directory: [node-forge](https://github.com/digitalbazaar/forge).\nBumps the npm_and_yarn group with 3 updates in the /system-tests/projects/angular-16 directory: [lodash](https://github.com/lodash/lodash), [node-forge](https://github.com/digitalbazaar/forge) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 4 updates in the /system-tests/projects/angular-cli-unconfigured directory: [lodash](https://github.com/lodash/lodash), [node-forge](https://github.com/digitalbazaar/forge), [picomatch](https://github.com/micromatch/picomatch) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/component-testing-outdated-dependencies directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/ct-public-api-solid-js directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/issue-25951-next-app directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/next-12 directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/next-12.1.6 directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 3 updates in the /system-tests/projects/runner-ct-specs directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [node-forge](https://github.com/digitalbazaar/forge) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/tailwind-vite directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/ts-proj-5 directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/vite-ct-object-api directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /system-tests/projects/webpack5_wds3-react directory: [lodash](https://github.com/lodash/lodash) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\n\nUpdates `electron` from 27.3.10 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v27.3.10...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.2.11 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.16.0 to 3.32.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/CodeAnt-AI-Security\"\u003e\u003ccode\u003e@​CodeAnt-AI-Security\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8d02097: Enhanced clone unsafe switch detection.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e23b070f: Fix regex for detecting unsafe clone options\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/stevenwdv\"\u003e\u003ccode\u003e@​stevenwdv\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e1effd8e: Enhances the \u003ccode\u003eunsafe\u003c/code\u003e plugin to block additional cases where the \u003ccode\u003e-u\u003c/code\u003e switch may be disguised\nalong with other single character options.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JuHwiSang\"\u003e\u003ccode\u003e@​JuHwiSang\u003c/code\u003e\u003c/a\u003e for identifying this as vulnerability.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.31.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea44184f: Resolve NPM publish steps\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.30.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebc77774: Correctly identify current branch name when using \u003ccode\u003egit.status\u003c/code\u003e in a cloned empty repo.\u003c/p\u003e\n\u003cp\u003ePreviously \u003ccode\u003egit.status\u003c/code\u003e would report the current branch name as \u003ccode\u003eNo\u003c/code\u003e. Thank you to \u003ca href=\"https://github.com/MaddyGuthridge\"\u003e\u003ccode\u003e@​MaddyGuthridge\u003c/code\u003e\u003c/a\u003e for identifying this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2adf47d: Allow repeating git options like \u003ccode\u003e{'--opt': ['value1', 'value2']}\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.27.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/CodeAnt-AI-Security\"\u003e\u003ccode\u003e@​CodeAnt-AI-Security\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8d02097: Enhanced clone unsafe switch detection.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e23b070f: Fix regex for detecting unsafe clone options\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/stevenwdv\"\u003e\u003ccode\u003e@​stevenwdv\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e1effd8e: Enhances the \u003ccode\u003eunsafe\u003c/code\u003e plugin to block additional cases where the \u003ccode\u003e-u\u003c/code\u003e switch may be disguised\nalong with other single character options.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JuHwiSang\"\u003e\u003ccode\u003e@​JuHwiSang\u003c/code\u003e\u003c/a\u003e for identifying this as vulnerability.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.31.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea44184f: Resolve NPM publish steps\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.31.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e22dc93f: Custom binary plugin should support the use of \u003ccode\u003e~\u003c/code\u003e character, used by Windows to shorten long folder names\nand folder names that have spaces in them (eg: \u003ccode\u003eC:\\Program Files\u003c/code\u003e might become \u003ccode\u003eC:\\PROGRA~1\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/skyshineb\"\u003e\u003ccode\u003e@​skyshineb\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/a1170e506eeeaade4a242bfbf6d0620d57872364\"\u003e\u003ccode\u003ea1170e5\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/f7042088aa2dac59e3c49a84d7a2f4b26048a257\"\u003e\u003ccode\u003ef704208\u003c/code\u003e\u003c/a\u003e In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/4bb20811eb35c0fa5437553cad4eb8ebf8f6f6e6\"\u003e\u003ccode\u003e4bb2081\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7ae7537737bafc1e6559a28816785b10926fb095\"\u003e\u003ccode\u003e7ae7537\u003c/code\u003e\u003c/a\u003e Match tokens to word boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/c47ad103b07ce768cf69aec63e0c9f7f77a1ab0f\"\u003e\u003ccode\u003ec47ad10\u003c/code\u003e\u003c/a\u003e Lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/8d02097b726c2bc5360b4f55ee3ecb7e09648e4d\"\u003e\u003ccode\u003e8d02097\u003c/code\u003e\u003c/a\u003e Enhanced clone switch detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/f6909a52807512cb4e29a654db2dcd409b019113\"\u003e\u003ccode\u003ef6909a5\u003c/code\u003e\u003c/a\u003e Remove test timeout override\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/77406267ceb19aa901495b6ae414020daf789ebf\"\u003e\u003ccode\u003e7740626\u003c/code\u003e\u003c/a\u003e Update plugin.unsafe.spec.ts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/b562a6c4c1a226d9c7789b72c76784f334c1efac\"\u003e\u003ccode\u003eb562a6c\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/23b070f0a4d320af5e745a42ae6176a629409566\"\u003e\u003ccode\u003e23b070f\u003c/code\u003e\u003c/a\u003e Fix regex for CLONE_OPTIONS constant (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1122\"\u003e#1122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.2 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease notes - v0.30.3\u003c/h2\u003e\n\u003cp\u003eThis is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).\u003c/p\u003e\n\u003cp\u003eRecommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.\u003c/p\u003e\n\u003ch2\u003e🛡️ Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBackport: Fix DoS via \u003cstrong\u003eproto\u003c/strong\u003e key in merge config\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003ePatched a vulnerability where specifically crafted configuration objects using the \u003cstrong\u003eproto\u003c/strong\u003e key could cause a Denial of Service during the merge process. - \u003cem\u003eby \u003ca href=\"https://github.com/FeBe95\"\u003e\u003ccode\u003e@​FeBe95\u003c/code\u003e\u003c/a\u003e in [PR \u003ca href=\"https://redirect.github.com/axios/axios/issues/7388\"\u003e#7388\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/axios/axios/pull/7388\"\u003eaxios/axios#7388\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚙️ Maintenance \u0026amp; CI\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Infrastructure Update\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - \u003cem\u003eby \u003ca href=\"https://github.com/jasonsaayman\"\u003e\u003ccode\u003e@​jasonsaayman\u003c/code\u003e\u003c/a\u003e in [PR \u003ca href=\"https://redirect.github.com/axios/axios/issues/7407\"\u003e#7407\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/axios/axios/pull/7407\"\u003eaxios/axios#7407\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Breaking Changes\u003c/h2\u003e\n\u003cp\u003eConfiguration Merging Behavior:\u003c/p\u003e\n\u003cp\u003eAs part of the security fix, Axios now restricts the merging of the \u003cstrong\u003eproto\u003c/strong\u003e key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/00ab2af7334d75874605dcd22575673eae638cee\"\u003e\u003ccode\u003e00ab2af\u003c/code\u003e\u003c/a\u003e refactor: change name to have a unified workflow (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9a66c090bfd946052afba365d809d0c4fbd13238\"\u003e\u003ccode\u003e9a66c09\u003c/code\u003e\u003c/a\u003e chore: added a versioning flow (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c\"\u003e\u003ccode\u003e03cdfc9\u003c/code\u003e\u003c/a\u003e fix: backport the fixes from the v1 branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/71be4e5c80769329d7845b36a8d31e4f7f042202\"\u003e\u003ccode\u003e71be4e5\u003c/code\u003e\u003c/a\u003e fix: return types in AxiosInstance methods should be Promise\u0026lt;R\u0026gt; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/62610f69ad140784ba8e4dc3c5ebec888b53682b\"\u003e\u003ccode\u003e62610f6\u003c/code\u003e\u003c/a\u003e fix: fixed performance issue in isEmptyObject() (\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/68f97f7588608595c5251d91ce4c895e90a10ae0\"\u003e\u003ccode\u003e68f97f7\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/58a604385bf73c5ea19baa2e116de4c63c055852\"\u003e\u003ccode\u003e58a6043\u003c/code\u003e\u003c/a\u003e ci: add zizmor and harden v0.x CI (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b560d41ab8e748d766bbd09bc90e6272f2cc535f\"\u003e\u003ccode\u003eb560d41\u003c/code\u003e\u003c/a\u003e ci: add OIDC publish workflow for v0.x (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.2...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.0 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccod...\n\n_Description has been truncated_","html_url":"https://github.com/hashim21223445/cypress/pull/178","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashim21223445%2Fcypress/issues/178","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/178/packages"},{"uuid":"4303703864","node_id":"PR_kwDOPKnmcs7UWrQZ","number":195,"state":"open","title":"build(deps): bump the npm_and_yarn group across 4 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript","caretaker:owned","claude-code"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T15:37:14.000Z","updated_at":"2026-04-22T08:32:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.3.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.3","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"undici","old_version":"7.16.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.5` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.25.0` |\n\nBumps the npm_and_yarn group with 1 update in the /embed directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 12 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [undici](https://github.com/nodejs/undici) | `6.21.3` | `6.25.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /web directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\n\nUpdates `express-rate-limit` from 8.2.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/releases\"\u003eexpress-rate-limit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.3.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/c4dbb42c1b4891056545e30a9187a64c8bfeb8bc\"\u003e\u003ccode\u003ec4dbb42\u003c/code\u003e\u003c/a\u003e 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/8f1cc6639a430d6409e600c8e5434c1bc1e572bf\"\u003e\u003ccode\u003e8f1cc66\u003c/code\u003e\u003c/a\u003e v8.3.2 changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/601b87f5d171487ed035ccdfee17ec75f5b22f2d\"\u003e\u003ccode\u003e601b87f\u003c/code\u003e\u003c/a\u003e Fix skipFailedRequests for for connections that close very early (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/014c2f32708c0fdb5544834c3e77043e041ae38a\"\u003e\u003ccode\u003e014c2f3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 6 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/4e8b18bf972eff2890ed67bd11d8a08a2c6502d5\"\u003e\u003ccode\u003e4e8b18b\u003c/code\u003e\u003c/a\u003e Remove Zuplo sponsorship details from README (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/613\"\u003e#613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/31dab192a3798984b89e78bfacf755f361f29660\"\u003e\u003ccode\u003e31dab19\u003c/code\u003e\u003c/a\u003e test: use numeric range for reset timestamp assertion (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/f82ad139611ed69c451f113913f0347ee78d19ec\"\u003e\u003ccode\u003ef82ad13\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 2 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/fa0b0982049814870faf9d57b7588a0b9acd107f\"\u003e\u003ccode\u003efa0b098\u003c/code\u003e\u003c/a\u003e docs: fix broken link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/47e5b2952fe697ac0a5f8a6aa86f050f6f2c0ce5\"\u003e\u003ccode\u003e47e5b29\u003c/code\u003e\u003c/a\u003e 8.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/eb61179a49064c7e86f6f8688be742343b1f1b8e\"\u003e\u003ccode\u003eeb61179\u003c/code\u003e\u003c/a\u003e v8.3.1 changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.2.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.2.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.3 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-03-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump protobufjs dependency version for cli package (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2128\"\u003e#2128\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377\"\u003e549b05e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecorrect json syntax in tsconfig.json (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2120\"\u003e#2120\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687\"\u003e8065625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edescriptor:\u003c/strong\u003e guard oneof index for non-Type parents (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2122\"\u003e#2122\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728\"\u003e1cac5cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad\"\u003ef05e3c3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75\"\u003e535df44\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7\"\u003e53e8492\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.16.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates ...\n\n_Description has been truncated_","html_url":"https://github.com/ianlintner/Example-React-AI-Chat-App/pull/195","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlintner%2FExample-React-AI-Chat-App/issues/195","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/195/packages"},{"uuid":"4302375906","node_id":"PR_kwDOB-71UM7USVYk","number":13292,"state":"open","title":"chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 in /test/frontend-integration-test","user":"dependabot[bot]","labels":["lgtm","approved","size/XS","ok-to-test","dependencies","javascript"],"assignees":["jeffspahr"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T11:50:58.000Z","updated_at":"2026-04-26T21:19:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"basic-ftp","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":"/test/frontend-integration-test","ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.2 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubeflow/pipelines/pull/13292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeflow%2Fpipelines/issues/13292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13292/packages"},{"uuid":"4300632054","node_id":"PR_kwDOPKnmcs7UMqcC","number":189,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript","caretaker:owned"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T06:07:27.000Z","updated_at":"2026-04-22T05:56:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"undici","old_version":"6.22.0","new_version":"6.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.13","repository_url":"https://github.com/isaacs/node-tar"},{"name":"yaml","old_version":"2.8.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [undici](https://github.com/nodejs/undici) | `6.22.0` | `6.25.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.13` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.3` |\n\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.22.0 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.22.0...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.1 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930\"\u003e\u003ccode\u003e086fa6b\u003c/code\u003e\u003c/a\u003e 2.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752\"\u003e\u003ccode\u003e95f01e9\u003c/code\u003e\u003c/a\u003e chore: Add funding to package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ianlintner/Example-React-AI-Chat-App/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ianlintner/Example-React-AI-Chat-App/pull/189","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlintner%2FExample-React-AI-Chat-App/issues/189","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/189/packages"},{"uuid":"4299370077","node_id":"PR_kwDODYkkLs7UIpif","number":5518,"state":"open","title":"build(deps): bump the npm_and_yarn group across 2 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-20T23:52:42.000Z","updated_at":"2026-04-20T23:55:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"protobufjs","old_version":"7.3.2","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@hono/node-server","old_version":"1.19.10","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"hono","old_version":"4.12.7","new_version":"4.12.14","repository_url":"https://github.com/honojs/hono"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /infra/perfetto.dev directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [dompurify](https://github.com/cure53/DOMPurify) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 9 updates in the /ui directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.3.2` | `7.5.5` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.10` | `1.19.14` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [hono](https://github.com/honojs/hono) | `4.12.7` | `4.12.14` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n\n\nUpdates `protobufjs` from 6.11.4 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/v6.11.4...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.3.2 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/v6.11.4...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.10 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e\u003ccode\u003e@​hono/node-server\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.7 to 4.12.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003ch3\u003eMissing validation of cookie name on write path in setCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003esetCookie()\u003c/code\u003e, \u003ccode\u003eserialize()\u003c/code\u003e, and \u003ccode\u003eserializeSigned()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm\u003c/p\u003e\n\u003ch3\u003eNon-breaking space prefix bypass in cookie name handling in getCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003egetCookie()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0\"\u003e\u003ccode\u003ecc067c8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec\"\u003e\u003ccode\u003ea586cd7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.7...v4.12.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/perfetto/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/google/perfetto/pull/5518","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fperfetto/issues/5518","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5518/packages"},{"uuid":"4292472226","node_id":"PR_kwDOCY9Qkc7TyTwx","number":1041,"state":"closed","title":"Bump the npm-dependencies group with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript","minor"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T14:58:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T00:45:12.000Z","updated_at":"2026-04-20T14:59:09.000Z","time_to_close":51227,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm-dependencies","update_count":18,"packages":[{"name":"i18next","old_version":"26.0.4","new_version":"26.0.6","repository_url":"https://github.com/i18next/i18next"},{"name":"puppeteer-core","old_version":"24.40.0","new_version":"24.41.0","repository_url":"https://github.com/puppeteer/puppeteer"},{"name":"webpack","old_version":"5.106.1","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"},{"name":"@csstools/css-syntax-patches-for-csstree","old_version":"1.1.2","new_version":"1.1.3","repository_url":"https://github.com/csstools/postcss-plugins"},{"name":"@emnapi/core","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/toyobayashi/emnapi"},{"name":"@emnapi/runtime","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/toyobayashi/emnapi"},{"name":"@istanbuljs/schema","old_version":"0.1.3","new_version":"0.1.6","repository_url":"https://github.com/istanbuljs/schema"},{"name":"bare-fs","old_version":"4.7.0","new_version":"4.7.1","repository_url":"https://github.com/holepunchto/bare-fs"},{"name":"bare-url","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/holepunchto/bare-url"},{"name":"baseline-browser-mapping","old_version":"2.10.18","new_version":"2.10.20","repository_url":"https://github.com/web-platform-dx/baseline-browser-mapping"},{"name":"basic-ftp","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"caniuse-lite","old_version":"1.0.30001787","new_version":"1.0.30001788","repository_url":"https://github.com/browserslist/caniuse-lite"},{"name":"electron-to-chromium","old_version":"1.5.335","new_version":"1.5.340","repository_url":"https://github.com/Kilian/electron-to-chromium"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.3","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"postcss","old_version":"8.5.9","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"puppeteer","old_version":"24.40.0","new_version":"24.41.0","repository_url":"https://github.com/puppeteer/puppeteer"},{"name":"undici","old_version":"7.24.8","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm-dependencies group with 18 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [i18next](https://github.com/i18next/i18next) | `26.0.4` | `26.0.6` |\n| [puppeteer-core](https://github.com/puppeteer/puppeteer) | `24.40.0` | `24.41.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.1` | `5.106.2` |\n| [@csstools/css-syntax-patches-for-csstree](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-syntax-patches-for-csstree) | `1.1.2` | `1.1.3` |\n| [@emnapi/core](https://github.com/toyobayashi/emnapi) | `1.9.2` | `1.10.0` |\n| [@emnapi/runtime](https://github.com/toyobayashi/emnapi) | `1.9.2` | `1.10.0` |\n| [@istanbuljs/schema](https://github.com/istanbuljs/schema) | `0.1.3` | `0.1.6` |\n| [bare-fs](https://github.com/holepunchto/bare-fs) | `4.7.0` | `4.7.1` |\n| [bare-url](https://github.com/holepunchto/bare-url) | `2.4.0` | `2.4.1` |\n| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.18` | `2.10.20` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.2` | `5.3.0` |\n| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001787` | `1.0.30001788` |\n| [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.335` | `1.5.340` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.9` | `8.5.10` |\n| [puppeteer](https://github.com/puppeteer/puppeteer) | `24.40.0` | `24.41.0` |\n| [undici](https://github.com/nodejs/undici) | `7.24.8` | `7.25.0` |\n\nUpdates `i18next` from 26.0.4 to 26.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next/releases\"\u003ei18next's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev26.0.6\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. GHSA advisory filed after release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: warn when a translation string combines \u003ccode\u003eescapeValue: false\u003c/code\u003e with interpolated variables inside a \u003ccode\u003e$t(key, { ... \u0026quot;{{var}}\u0026quot; ... })\u003c/code\u003e nesting-options block. In that narrow combination, attacker-controlled string values containing \u003ccode\u003e\u0026quot;\u003c/code\u003e can break out of the JSON options literal and inject additional nesting options (e.g. redirect \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e). The default \u003ccode\u003eescapeValue: true\u003c/code\u003e configuration is unaffected because HTML-escaping neutralises the quote before \u003ccode\u003eJSON.parse\u003c/code\u003e. See the security docs for mitigation guidance (GHSA-TBD)\u003c/li\u003e\n\u003cli\u003esecurity: apply \u003ccode\u003eregexEscape\u003c/code\u003e to \u003ccode\u003eunescapePrefix\u003c/code\u003e / \u003ccode\u003eunescapeSuffix\u003c/code\u003e on par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the \u003ccode\u003e{{- var}}\u003c/code\u003e syntax when the delimiter contains characters like \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e.\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003esecurity: strip CR/LF/NUL and other C0/C1 control characters from string log arguments to prevent log forging via user-controlled translation keys, language codes, namespaces, or interpolation variable names (CWE-117)\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev26.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language state when the target language is not yet loaded — a race between \u003ccode\u003einit()\u003c/code\u003e's deferred \u003ccode\u003eload()\u003c/code\u003e and the user's \u003ccode\u003echangeLanguage()\u003c/code\u003e could overwrite \u003ccode\u003eisLanguageChangingTo\u003c/code\u003e, causing \u003ccode\u003esetLngProps\u003c/code\u003e to be skipped \u003ca href=\"https://redirect.github.com/i18next/i18next/issues/2422\"\u003e2422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next/blob/master/CHANGELOG.md\"\u003ei18next's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.6\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: warn when a translation string combines \u003ccode\u003eescapeValue: false\u003c/code\u003e with interpolated variables inside a \u003ccode\u003e$t(key, { ... \u0026quot;{{var}}\u0026quot; ... })\u003c/code\u003e nesting-options block. In that narrow combination, attacker-controlled string values containing \u003ccode\u003e\u0026quot;\u003c/code\u003e can break out of the JSON options literal and inject additional nesting options (e.g. redirect \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e). The default \u003ccode\u003eescapeValue: true\u003c/code\u003e configuration is unaffected because HTML-escaping neutralises the quote before \u003ccode\u003eJSON.parse\u003c/code\u003e. See the \u003ca href=\"https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block\"\u003esecurity note in the Nesting docs\u003c/a\u003e for the full pattern and mitigations\u003c/li\u003e\n\u003cli\u003esecurity: apply \u003ccode\u003eregexEscape\u003c/code\u003e to \u003ccode\u003eunescapePrefix\u003c/code\u003e / \u003ccode\u003eunescapeSuffix\u003c/code\u003e on par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the \u003ccode\u003e{{- var}}\u003c/code\u003e syntax when the delimiter contains characters like \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e.\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003esecurity: strip CR/LF/NUL and other C0/C1 control characters from string log arguments to prevent log forging via user-controlled translation keys, language codes, namespaces, or interpolation variable names (CWE-117)\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language state when the target language is not yet loaded — a race between \u003ccode\u003einit()\u003c/code\u003e's deferred \u003ccode\u003eload()\u003c/code\u003e and the user's \u003ccode\u003echangeLanguage()\u003c/code\u003e could overwrite \u003ccode\u003eisLanguageChangingTo\u003c/code\u003e, causing \u003ccode\u003esetLngProps\u003c/code\u003e to be skipped \u003ca href=\"https://redirect.github.com/i18next/i18next/issues/2422\"\u003e2422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/9d0ed9f98ee0386f923175f3638e2df103143dde\"\u003e\u003ccode\u003e9d0ed9f\u003c/code\u003e\u003c/a\u003e 26.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/8c825644373b4faaeedd2587b9080283d2fcf5ce\"\u003e\u003ccode\u003e8c82564\u003c/code\u003e\u003c/a\u003e security: hardening for 26.0.6 — nesting-options warning, regexEscape unescap...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/0cb018c363d9b64790248d2712ac57258a9708bb\"\u003e\u003ccode\u003e0cb018c\u003c/code\u003e\u003c/a\u003e chore: bump devDependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/ab4633fee059432fc2a0a11a00741eac51313a7e\"\u003e\u003ccode\u003eab4633f\u003c/code\u003e\u003c/a\u003e 26.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/bae3b8bca9e060311fa039f31415b9eccd66a1e4\"\u003e\u003ccode\u003ebae3b8b\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language st...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/i18next/i18next/compare/v26.0.4...v26.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puppeteer-core` from 24.40.0 to 24.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/releases\"\u003epuppeteer-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epuppeteer-core: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md\"\u003epuppeteer-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-v24.40.0...puppeteer-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\n\u003cul\u003e\n\u003cli\u003edependencies\n\u003cul\u003e\n\u003cli\u003epuppeteer-core bumped from 24.40.0 to 24.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2d05dfcfa321f7e6289e4658cd6f0cced3d62fe2\"\u003e\u003ccode\u003e2d05dfc\u003c/code\u003e\u003c/a\u003e fix: bump node to 24 to avoid publishing bugs with npm (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14868\"\u003e#14868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/20402bc0f9a7daeee2afc6a9859a55ff9bf0e391\"\u003e\u003ccode\u003e20402bc\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14866\"\u003e#14866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e\u003ccode\u003e080379b\u003c/code\u003e\u003c/a\u003e docs: update extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/1f9dc746565c818d59fff9e84c3c795ddd2ec32d\"\u003e\u003ccode\u003e1f9dc74\u003c/code\u003e\u003c/a\u003e chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /website (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14865\"\u003e#14865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/4655500ac52c67c782a956ea66270dfcf5a38d91\"\u003e\u003ccode\u003e4655500\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dev-dependencies group with 8 updates (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14855\"\u003e#14855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d5029415e2c3d83ed340cf29733662e9f0b58434\"\u003e\u003ccode\u003ed502941\u003c/code\u003e\u003c/a\u003e test: fix extension test flakiness (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14864\"\u003e#14864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003e\u003ccode\u003ee484a91\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003e\u003ccode\u003ec14f4ae\u003c/code\u003e\u003c/a\u003e feat: adds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/5097b97d07eb0e3c68d99fce80efe899084a313d\"\u003e\u003ccode\u003e5097b97\u003c/code\u003e\u003c/a\u003e test: fix flaky extension test (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14853\"\u003e#14853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e\u003ccode\u003e8f95117\u003c/code\u003e\u003c/a\u003e feat(webmcp): add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.106.1 to 5.106.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.106.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e now inherits the parent module's exportType, so a file configured as \u0026quot;text\u0026quot; correctly creates a style tag when \u003ca href=\"https://github.com/imported\"\u003e\u003ccode\u003e@​imported\u003c/code\u003e\u003c/a\u003e by a \u0026quot;style\u0026quot; parent. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20838\"\u003e#20838\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator \u003ccode\u003eexportsOnly\u003c/code\u003e, JsonGenerator \u003ccode\u003eJSONParse\u003c/code\u003e, WebAssemblyGenerator \u003ccode\u003emangleImports\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e||\u003c/code\u003e default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. \u003ccode\u003emodules: false\u003c/code\u003e, \u003ccode\u003eentries: false\u003c/code\u003e, \u003ccode\u003eentrypoints: false\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20823\"\u003e#20823\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMigrate from \u003ccode\u003emime-types\u003c/code\u003e to \u003ccode\u003emime-db\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20812\"\u003e#20812\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20831\"\u003e#20831\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMarked all experimental options in types. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20814\"\u003e#20814\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.106.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e now inherits the parent module's exportType, so a file configured as \u0026quot;text\u0026quot; correctly creates a style tag when \u003ca href=\"https://github.com/imported\"\u003e\u003ccode\u003e@​imported\u003c/code\u003e\u003c/a\u003e by a \u0026quot;style\u0026quot; parent. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20838\"\u003e#20838\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator \u003ccode\u003eexportsOnly\u003c/code\u003e, JsonGenerator \u003ccode\u003eJSONParse\u003c/code\u003e, WebAssemblyGenerator \u003ccode\u003emangleImports\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e||\u003c/code\u003e default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. \u003ccode\u003emodules: false\u003c/code\u003e, \u003ccode\u003eentries: false\u003c/code\u003e, \u003ccode\u003eentrypoints: false\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20823\"\u003e#20823\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMigrate from \u003ccode\u003emime-types\u003c/code\u003e to \u003ccode\u003emime-db\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20812\"\u003e#20812\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20831\"\u003e#20831\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMarked all experimental options in types. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20814\"\u003e#20814\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0d7e3e0153f0696311a590f90620506e8ab166ac\"\u003e\u003ccode\u003e0d7e3e0\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20815\"\u003e#20815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/d5df118cd230458cde9265704f796c8fefd016d4\"\u003e\u003ccode\u003ed5df118\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/cache in the dependencies group (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20839\"\u003e#20839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5f0874bbced3a35efe603547f735ea28337cda60\"\u003e\u003ccode\u003e5f0874b\u003c/code\u003e\u003c/a\u003e fix: make asset modules available in JS when referenced from CSS and lazy JS ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b63ab37e5e867197da736620359f6597b1fbc44a\"\u003e\u003ccode\u003eb63ab37\u003c/code\u003e\u003c/a\u003e chore(deps): bump test/test262-cases in the dependencies group (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20792\"\u003e#20792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/313dfc596774ba7a5436b4f1012006e1df4ccc20\"\u003e\u003ccode\u003e313dfc5\u003c/code\u003e\u003c/a\u003e ci: improve time for windows (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20840\"\u003e#20840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/a553f61be33ec8ca8dd7536de0808152962f5bae\"\u003e\u003ccode\u003ea553f61\u003c/code\u003e\u003c/a\u003e test: update test262 (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20841\"\u003e#20841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/1ef747cb0a3750c76a55ba4d61b09bf5576e3dd5\"\u003e\u003ccode\u003e1ef747c\u003c/code\u003e\u003c/a\u003e fix: CSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e should inherit parent's exportType over parser config (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20838\"\u003e#20838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/485d4cecb06adb232d7c9292665a009a0447dd00\"\u003e\u003ccode\u003e485d4ce\u003c/code\u003e\u003c/a\u003e chore(deps): update \u003ccode\u003eopen-cli\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20834\"\u003e#20834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/46042b91960ad453c91892bb5571013ce312fda9\"\u003e\u003ccode\u003e46042b9\u003c/code\u003e\u003c/a\u003e chore(deps): no outdated strip-ansi (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/8c7700bb3d2bfdf7d45903fc8e178e3cb16f46d1\"\u003e\u003ccode\u003e8c7700b\u003c/code\u003e\u003c/a\u003e fix: handle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.106.1...v5.106.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@csstools/css-syntax-patches-for-csstree` from 1.1.2 to 1.1.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/csstools/postcss-plugins/blob/main/packages/css-syntax-patches-for-csstree/CHANGELOG.md\"\u003e\u003ccode\u003e@​csstools/css-syntax-patches-for-csstree\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e1.1.3\u003c/h3\u003e\n\u003cp\u003e\u003cem\u003eApril 12, 2026\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@webref/css\u003c/code\u003e to \u003ca href=\"https://github.com/w3c/webref/releases/tag/%40webref%2Fcss%408.5.3\"\u003e\u003ccode\u003ev8.5.3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-syntax-patches-for-csstree\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@emnapi/core` from 1.9.2 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/toyobayashi/emnapi/releases\"\u003e\u003ccode\u003e@​emnapi/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: early update wasm memory for views (\u003ca href=\"https://github.com/hardfist/emnapi-shared-memory-grow-repro\"\u003ehttps://github.com/hardfist/emnapi-shared-memory-grow-repro\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory\u003c/li\u003e\n\u003cli\u003efix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003efix: coalesce tsfn (js version) send message\u003c/li\u003e\n\u003cli\u003eci: restructure CI workflows\u003c/li\u003e\n\u003cli\u003eci: prebuilt liraries using llvm 22\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/hardfist\"\u003e\u003ccode\u003e@​hardfist\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ehttps://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/ba84999164c8d9ee10e57f72bb6fa5fa0b192b54\"\u003e\u003ccode\u003eba84999\u003c/code\u003e\u003c/a\u003e 1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71b77fb184a0dcab2c7a726e2f9c9cbb0c7f9257\"\u003e\u003ccode\u003e71b77fb\u003c/code\u003e\u003c/a\u003e fix: free queue node and set async_pending flag before finalize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b0cc8cc3453deba82eb67947673c932b0ff7c192\"\u003e\u003ccode\u003eb0cc8cc\u003c/code\u003e\u003c/a\u003e fix: tsfn use after free\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/e2ba93140776624e4f718f030474c3b3992d6dcd\"\u003e\u003ccode\u003ee2ba931\u003c/code\u003e\u003c/a\u003e ci: llvm 22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b02054aef5e6c84f6d0721e78c5733aef8fc2ca1\"\u003e\u003ccode\u003eb02054a\u003c/code\u003e\u003c/a\u003e fix: coalesce tsfn send message (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71cd534275e3e35b78efacfdffffc013b696173f\"\u003e\u003ccode\u003e71cd534\u003c/code\u003e\u003c/a\u003e test: fix async_progress_worker test (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/c81c1fbde97ce05cb1806e8ecfc59a50323bb17d\"\u003e\u003ccode\u003ec81c1fb\u003c/code\u003e\u003c/a\u003e ci: restructure CI workflows (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/19b27bb008cc0b1343e2ebc0becfdeca26881640\"\u003e\u003ccode\u003e19b27bb\u003c/code\u003e\u003c/a\u003e fix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/4113230dfd5001c1cd14729fe93668e62d3ce926\"\u003e\u003ccode\u003e4113230\u003c/code\u003e\u003c/a\u003e fix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/61c497ee92d099d9279b9282a9ef1ae86265edef\"\u003e\u003ccode\u003e61c497e\u003c/code\u003e\u003c/a\u003e fix: early update wasm memory for views (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@emnapi/runtime` from 1.9.2 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/toyobayashi/emnapi/releases\"\u003e\u003ccode\u003e@​emnapi/runtime\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: early update wasm memory for views (\u003ca href=\"https://github.com/hardfist/emnapi-shared-memory-grow-repro\"\u003ehttps://github.com/hardfist/emnapi-shared-memory-grow-repro\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory\u003c/li\u003e\n\u003cli\u003efix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003efix: coalesce tsfn (js version) send message\u003c/li\u003e\n\u003cli\u003eci: restructure CI workflows\u003c/li\u003e\n\u003cli\u003eci: prebuilt liraries using llvm 22\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/hardfist\"\u003e\u003ccode\u003e@​hardfist\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ehttps://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/ba84999164c8d9ee10e57f72bb6fa5fa0b192b54\"\u003e\u003ccode\u003eba84999\u003c/code\u003e\u003c/a\u003e 1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71b77fb184a0dcab2c7a726e2f9c9cbb0c7f9257\"\u003e\u003ccode\u003e71b77fb\u003c/code\u003e\u003c/a\u003e fix: free queue node and set async_pending flag before finalize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b0cc8cc3453deba82eb67947673c932b0ff7c192\"\u003e\u003ccode\u003eb0cc8cc\u003c/code\u003e\u003c/a\u003e fix: tsfn use after free\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/e2ba93140776624e4f718f030474c3b3992d6dcd\"\u003e\u003ccode\u003ee2ba931\u003c/code\u003e\u003c/a\u003e ci: llvm 22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b02054aef5e6c84f6d0721e78c5733aef8fc2ca1\"\u003e\u003ccode\u003eb02054a\u003c/code\u003e\u003c/a\u003e fix: coalesce tsfn send message (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71cd534275e3e35b78efacfdffffc013b696173f\"\u003e\u003ccode\u003e71cd534\u003c/code\u003e\u003c/a\u003e test: fix async_progress_worker test (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/c81c1fbde97ce05cb1806e8ecfc59a50323bb17d\"\u003e\u003ccode\u003ec81c1fb\u003c/code\u003e\u003c/a\u003e ci: restructure CI workflows (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/19b27bb008cc0b1343e2ebc0becfdeca26881640\"\u003e\u003ccode\u003e19b27bb\u003c/code\u003e\u003c/a\u003e fix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/4113230dfd5001c1cd14729fe93668e62d3ce926\"\u003e\u003ccode\u003e4113230\u003c/code\u003e\u003c/a\u003e fix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/61c497ee92d099d9279b9282a9ef1ae86265edef\"\u003e\u003ccode\u003e61c497e\u003c/code\u003e\u003c/a\u003e fix: early update wasm memory for views (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@istanbuljs/schema` from 0.1.3 to 0.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/istanbuljs/schema/releases\"\u003e\u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.5...v0.1.6\"\u003e0.1.6\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo change to schema in 0.1.x series (\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e440f977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.1.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.4...v0.1.5\"\u003e0.1.5\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRe-add release-please (\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e7c25461\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/istanbuljs/schema/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.5...v0.1.6\"\u003e0.1.6\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo change to schema in 0.1.x series (\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e440f977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.4...v0.1.5\"\u003e0.1.5\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRe-add release-please (\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e7c25461\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.3...v0.1.4\"\u003e0.1.4\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove development dependencies (\u003ca href=\"https://github.com/istanbuljs/schema/commit/a24b4c1bccf65f63e7f1fe6bd82bed82e57abc80\"\u003ea24b4c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/f870afe9d8e71e1c8d723ff75cf78f388a1a7e1c\"\u003e\u003ccode\u003ef870afe\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e\u003ccode\u003e440f977\u003c/code\u003e\u003c/a\u003e fix: Undo change to schema in 0.1.x series\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/d258e9ecf6ff3afdc279c8da7dc8435bce1b7554\"\u003e\u003ccode\u003ed258e9e\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e\u003ccode\u003e7c25461\u003c/code\u003e\u003c/a\u003e fix: Re-add release-please\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/75b89fd6070e07f70129eccbbed47d450acc5d63\"\u003e\u003ccode\u003e75b89fd\u003c/code\u003e\u003c/a\u003e chore: Remove release-please\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/467c01f587b421b3f226a49da2ae28d507a012ba\"\u003e\u003ccode\u003e467c01f\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/a24b4c1bccf65f63e7f1fe6bd82bed82e57abc80\"\u003e\u003ccode\u003ea24b4c1\u003c/code\u003e\u003c/a\u003e fix: Remove development dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.3...v0.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bare-fs` from 4.7.0 to 4.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/holepunchto/bare-fs/releases\"\u003ebare-fs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erecursive\u003c/code\u003e option to \u003ccode\u003ereaddir\u003c/code\u003e methods by \u003ca href=\"https://github.com/yassernasc\"\u003e\u003ccode\u003e@​yassernasc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/pull/35\"\u003eholepunchto/bare-fs#35\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicitly retain read and write buffers by \u003ca href=\"https://github.com/kasperisager\"\u003e\u003ccode\u003e@​kasperisager\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/pull/36\"\u003eholepunchto/bare-fs#36\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\"\u003ehttps://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/5d97145266603f704e19458c85f41a9ea8b2fa40\"\u003e\u003ccode\u003e5d97145\u003c/code\u003e\u003c/a\u003e 4.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/bf7d7f8dccf2a9bb8954c03f56c1490f9922c7c7\"\u003e\u003ccode\u003ebf7d7f8\u003c/code\u003e\u003c/a\u003e Explicitly retain read and write buffers (\u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/issues/36\"\u003e#36\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/a000d5ae28bb85d103825dc07af76205e03c4a89\"\u003e\u003ccode\u003ea000d5a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003erecursive\u003c/code\u003e option to \u003ccode\u003ereaddir\u003c/code\u003e methods (\u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/issues/35\"\u003e#35\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bare-url` from 2.4.0 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/holepunchto/bare-url/releases\"\u003ebare-url's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\"\u003ehttps://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/a769786b1389339009e47d713071b7066070445c\"\u003e\u003ccode\u003ea769786\u003c/code\u003e\u003c/a\u003e 2.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/ab96d9fcaeaf1c2b7a077292dcd7855b373e4963\"\u003e\u003ccode\u003eab96d9f\u003c/code\u003e\u003c/a\u003e Add Lunte and publish workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/4122d0959a4b83a7f23c5a5b056146458d2cffd4\"\u003e\u003ccode\u003e4122d09\u003c/code\u003e\u003c/a\u003e Add missing \u003ccode\u003e+\u003c/code\u003e replacement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/c0186ba1d4cb715a1cd887273ad2d39b3ce5b60e\"\u003e\u003ccode\u003ec0186ba\u003c/code\u003e\u003c/a\u003e Reenable assertions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/41a20a86358bb7edbe8e33700cd301c41172085a\"\u003e\u003ccode\u003e41a20a8\u003c/code\u003e\u003c/a\u003e Remove unused type tag\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for bare-url since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `baseline-browser-mapping` from 2.10.18 to 2.10.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/releases\"\u003ebaseline-browser-mapping's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.3 - remove \u003ccode\u003eprocess.loadEnvFile()\u003c/code\u003e\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process.loadEnfFile() from main script by \u003ca href=\"https://github.com/tonypconway\"\u003e\u003ccode\u003e@​tonypconway\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/web-platform-dx/baseline-browser-mapping/pull/112\"\u003eweb-platform-dx/baseline-browser-mapping#112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.9.2...v2.9.3\"\u003ehttps://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.9.2...v2.9.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/481a1e4bb3c007bcd63a1dfb1fac87fd0abcecc9\"\u003e\u003ccode\u003e481a1e4\u003c/code\u003e\u003c/a\u003e Patch to 2.10.20 because browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/f78424437cacb15a5d7a371ef39d29a0334f1a24\"\u003e\u003ccode\u003ef784244\u003c/code\u003e\u003c/a\u003e Browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/94a5b7bcf85eb85843fbedfcf4d5bbcab648570e\"\u003e\u003ccode\u003e94a5b7b\u003c/code\u003e\u003c/a\u003e Patch to 2.10.19 because browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/b1fbd837eebcb7d6d4231036da1b890276f74d7b\"\u003e\u003ccode\u003eb1fbd83\u003c/code\u003e\u003c/a\u003e Browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/933b064bc14696ecb2bfc346ba66169b7d2dbaf8\"\u003e\u003ccode\u003e933b064\u003c/code\u003e\u003c/a\u003e Updating static site\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/6bcec924ed283d6c167191c60b638252420da0e6\"\u003e\u003ccode\u003e6bcec92\u003c/code\u003e\u003c/a\u003e Updating static site\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.18...v2.10.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.2 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `caniuse-lite` from 1.0.30001787 to 1.0.30001788\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserslist/caniuse-lite/commit/a90bee690d4f830b1c9d286636e48c173f8a84bb\"\u003e\u003ccode\u003ea90bee6\u003c/code\u003e\u003c/a\u003e Update caniuse-db 1.0.30001788\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/browserslist/caniuse-lite/compare/1.0.30001787...1.0.30001788\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron-to-chromium` from 1.5.335 to 1.5.340\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/6d2cfbd94acc00876df082b8070cd9a5a10d7f95\"\u003e\u003ccode\u003e6d2cfbd\u003c/code\u003e\u003c/a\u003e 1.5.340\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/d02552a0bb5306ada1816ea473c73fbbdc3127ca\"\u003e\u003ccode\u003ed02552a\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/ce4abfaef35e1530f139f4610c20df101228f2dd\"\u003e\u003ccode\u003ece4abfa\u003c/code\u003e\u003c/a\u003e 1.5.339\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/059f4579baa375d745ca5eef1772db3b469ca2b8\"\u003e\u003ccode\u003e059f457\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/e54c94b294c14d69b77d18525f7de1df0b06e7af\"\u003e\u003ccode\u003ee54c94b\u003c/code\u003e\u003c/a\u003e 1.5.338\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/fad2989206a816a6d3fda623310ab9e222427b04\"\u003e\u003ccode\u003efad2989\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/b09b91e1ddef39f6c1d6ffe91e2f252c50276894\"\u003e\u003ccode\u003eb09b91e\u003c/code\u003e\u003c/a\u003e 1.5.337\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/a12c2267d8abfb5ba7c5d745227c401104371842\"\u003e\u003ccode\u003ea12c226\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/655c29f1357a3e5d06d1a83a9ecb227a5c464884\"\u003e\u003ccode\u003e655c29f\u003c/code\u003e\u003c/a\u003e 1.5.336\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/edbc826153df76c9653c4067c1c87e7e7fe17cee\"\u003e\u003ccode\u003eedbc826\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kilian/electron-to-chromium/compare/v1.5.335...v1.5.340\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hasown` from 2.0.2 to 2.0.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/inspect-js/hasOwn/blob/main/CHANGELOG.md\"\u003ehasown's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/compare/v2.0.2...v2.0.3\"\u003ev2.0.3\u003c/a\u003e - 2026-04-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[actions] update workflows \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/fb837b849bcdb8416fdc8fd344edfacd5574696c\"\u003e\u003ccode\u003efb837b8\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@arethetypeswrong/cli\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003e@ljharb/tsconfig\u003c/code\u003e, \u003ccode\u003e@types/tape\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003emock-property\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/f4b279bd682be34b3f0ede2a58d4e8acb58d6d47\"\u003e\u003ccode\u003ef4b279b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e; migrate to flat config \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/7e415cee55ebf43b3c34d7fd86db73a9928b05f7\"\u003e\u003ccode\u003e7e415ce\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/ef313da342d33b60e23e738b9f5a86f6065f39ef\"\u003e\u003ccode\u003eef313da\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/d5c6d4d7a19c6ca4f14ac173b30d8bf25abcabee\"\u003e\u003ccode\u003ed5c6d4d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[types] add overload that narrows the key \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/cc03a097e9402fb8b86d413050e67f790dd6c8c5\"\u003e\u003ccode\u003ecc03a09\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/27ebd405917f8e154b6fc07a878dbbf289456ca3\"\u003e\u003ccode\u003e27ebd40\u003c/code\u003e\u003c/a\u003e v2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/fb837b849bcdb8416fdc8fd344edfacd5574696c\"\u003e\u003ccode\u003efb837b8\u003c/code\u003e\u003c/a\u003e [actions] update workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/cc03a097e9402fb8b86d413050e67f790dd6c8c5\"\u003e\u003ccode\u003ecc03a09\u003c/code\u003e\u003c/a\u003e [types] add overload that narrows the key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/f4b279bd682be34b3f0ede2a58d4e8acb58d6d47\"\u003e\u003ccode\u003ef4b279b\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@arethetypeswrong/cli\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, `@ljharb/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/ef313da342d33b60e23e738b9f5a86f6065f39ef\"\u003e\u003ccode\u003eef313da\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/7e415cee55ebf43b3c34d7fd86db73a9928b05f7\"\u003e\u003ccode\u003e7e415ce\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e; migrate to flat config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/d5c6d4d7a19c6ca4f14ac173b30d8bf25abcabee\"\u003e\u003ccode\u003ed5c6d4d\u003c/code\u003e\u003c/a\u003e [meta] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/inspect-js/hasOwn/compare/v2.0.2...v2.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.9 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.9...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puppeteer` from 24.40.0 to 24.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/releases\"\u003epuppeteer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epuppeteer-core: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epuppeteer: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-v24.40.0...puppeteer-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/...\n\n_Description has been truncated_","html_url":"https://github.com/Arelle/ixbrl-viewer/pull/1041","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arelle%2Fixbrl-viewer/issues/1041","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1041/packages"},{"uuid":"4291829638","node_id":"PR_kwDOOg_w_c7Twcgl","number":193,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T19:43:26.000Z","updated_at":"2026-04-19T19:47:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"playwright","old_version":"1.52.0","new_version":"1.55.1","repository_url":"https://github.com/microsoft/playwright"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"bn.js","old_version":"4.12.2","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"lodash-es","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.13","repository_url":"https://github.com/isaacs/node-tar"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [playwright](https://github.com/microsoft/playwright) | `1.52.0` | `1.55.1` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.2` | `4.12.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /SolidStartApp directory: [defu](https://github.com/unjs/defu) and [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /mobile-app directory: [picomatch](https://github.com/micromatch/picomatch) and [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser).\n\nUpdates `playwright` from 1.52.0 to 1.55.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/playwright/releases\"\u003eplaywright's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.55.1\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37479\"\u003emicrosoft/playwright#37479\u003c/a\u003e - [Bug]: Upgrade Chromium to 140.0.7339.186.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37147\"\u003emicrosoft/playwright#37147\u003c/a\u003e - [Regression]: Internal error: step id not found.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37146\"\u003emicrosoft/playwright#37146\u003c/a\u003e - [Regression]: HTML reporter displays a broken chip link when there are no projects.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/pull/37137\"\u003emicrosoft/playwright#37137\u003c/a\u003e - Revert \u0026quot;fix(a11y): track inert elements as hidden\u0026quot;.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/pull/37532\"\u003emicrosoft/playwright#37532\u003c/a\u003e - chore: do not use -k option\u003c/p\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChromium 140.0.7339.186\u003c/li\u003e\n\u003cli\u003eMozilla Firefox 141.0\u003c/li\u003e\n\u003cli\u003eWebKit 26.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version was also tested against the following stable channels:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle Chrome 139\u003c/li\u003e\n\u003cli\u003eMicrosoft Edge 139\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.55.0\u003c/h2\u003e\n\u003ch2\u003eNew APIs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew Property \u003ca href=\"https://playwright.dev/docs/api/class-teststepinfo#test-step-info-title-path\"\u003etestStepInfo.titlePath\u003c/a\u003e Returns the full title path starting from the test file, including test and step titles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCodegen\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomatic \u003ccode\u003etoBeVisible()\u003c/code\u003e assertions: Codegen can now generate automatic \u003ccode\u003etoBeVisible()\u003c/code\u003e assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Dropped support for Chromium extension manifest v2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMiscellaneous\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Debian 13 \u0026quot;Trixie\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChromium 140.0.7339.16\u003c/li\u003e\n\u003cli\u003eMozilla Firefox 141.0\u003c/li\u003e\n\u003cli\u003eWebKit 26.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version was also tested against the following stable channels:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle Chrome 139\u003c/li\u003e\n\u003cli\u003eMicrosoft Edge 139\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.54.2\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36714\"\u003emicrosoft/playwright#36714\u003c/a\u003e - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error)\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36828\"\u003emicrosoft/playwright#36828\u003c/a\u003e - [Regression]: Playwright Codegen keeps spamming with selected option\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36810\"\u003emicrosoft/playwright#36810\u003c/a\u003e - [Regression]: Starting Codegen with target language doesn't work anymore\u003c/p\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/ae51df7a35888f663553ab4e9c45d6cb6335397f\"\u003e\u003ccode\u003eae51df7\u003c/code\u003e\u003c/a\u003e chore: mark v1.55.1 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37530\"\u003e#37530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/86dde294ce7fc9dd62d2f7ce5afd0c79cff50140\"\u003e\u003ccode\u003e86dde29\u003c/code\u003e\u003c/a\u003e feat(chromium): roll to r1193 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37529\"\u003e#37529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/86328bc9f43da2fe2b9aba2822c79f8b4c0c7f72\"\u003e\u003ccode\u003e86328bc\u003c/code\u003e\u003c/a\u003e chore: do not use -k option (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37532\"\u003e#37532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/63799ba68340fde11445d4f48c12515c28dcc92a\"\u003e\u003ccode\u003e63799ba\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37214\"\u003e#37214\u003c/a\u003e): docs: fix method names in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/21e29a42ab090d7848a3c3255f05335ba0db424d\"\u003e\u003ccode\u003e21e29a4\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37153\"\u003e#37153\u003c/a\u003e): fix(html): don't display a chip with empty content with ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/ba62e6ab0d25f7415ffdf121e4e186aadb213be5\"\u003e\u003ccode\u003eba62e6a\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37149\"\u003e#37149\u003c/a\u003e): fix(test): attaching in boxed fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/25bb073f2697c98995871d40828604b0836c29b7\"\u003e\u003ccode\u003e25bb073\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37137\"\u003e#37137\u003c/a\u003e): Revert \u0026quot;fix(a11y): track inert elements as hidden (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36947\"\u003e#36947\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/f992162f04ae0b0b5a0f4b6114b894215be98995\"\u003e\u003ccode\u003ef992162\u003c/code\u003e\u003c/a\u003e chore: mark v1.55.0 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37121\"\u003e#37121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/4a92ea00253106c8bd4234b8d5be2e205d049012\"\u003e\u003ccode\u003e4a92ea0\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37113\"\u003e#37113\u003c/a\u003e): docs: add release-notes for v1.55\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/aa05507bbabc170abf7775bf0d3ddd2438dc384a\"\u003e\u003ccode\u003eaa05507\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37114\"\u003e#37114\u003c/a\u003e): test: move browser._launchServer in child process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/playwright/compare/v1.52.0...v1.55.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.2 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.2...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash-es` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash-es's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.4.3 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 5.29.0 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/romanchaa997/Audityzer/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nBump dependencies across root, `SolidStartApp`, and `mobile-app` to pick up security fixes and maintenance updates. Highlights: `playwright` 1.55.1, `lodash-es` 4.18.1, `tar` 7.5.13, `undici` 6.25.0, and `@codecov/solidstart-plugin` v2.\n\n- **Dependencies**\n  - Root: `playwright` 1.55.1; `lodash-es` 4.18.1 (security); `tar` 7.5.13; `basic-ftp` 5.3.0 (security); `flatted` 3.4.2; `bn.js` 4.12.3.\n  - SolidStartApp: `@codecov/solidstart-plugin` 2.0.1 (Node 20); `defu` 6.1.7 (prototype pollution fix); `undici` 6.25.0 (security).\n  - Mobile app: `picomatch` 2.3.2 (security); `fast-xml-parser` 4.5.6.\n\n- **Migration**\n  - `SolidStartApp` dev environment now requires Node 20+ (due to `@codecov/*` v2).\n  - Reinstall deps after merge. If E2E fails locally, run `npx playwright install`.\n\n\u003csup\u003eWritten for commit ee962edc9da327c351e2c3d02211d4b3233f1224. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/romanchaa997/Audityzer/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanchaa997%2FAudityzer/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"},{"uuid":"4291054989","node_id":"PR_kwDOEAWEP87TuN4Y","number":1583,"state":"open","title":"Bump the server-npm-security group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T14:05:12.000Z","updated_at":"2026-04-25T19:48:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"server-npm-security","update_count":5,"packages":[{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"libxmljs2","old_version":"0.35.0","new_version":"0.37.0","repository_url":"https://github.com/marudor/libxmljs2"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"6.2.1","new_version":"7.5.13"}],"path":null,"ecosystem":"npm"},"body":"Bumps the server-npm-security group with 4 updates in the /td.server directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp), [flatted](https://github.com/WebReflection/flatted), [libxmljs2](https://github.com/marudor/libxmljs2) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `libxmljs2` from 0.35.0 to 0.37.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marudor/libxmljs2/commit/02594219a0220795a402a74c65f217d0f3e565f3\"\u003e\u003ccode\u003e0259421\u003c/code\u003e\u003c/a\u003e chore: support node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/marudor/libxmljs2/compare/v0.35.0...v0.37.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 6.2.1 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/OWASP/threat-dragon/pull/1583","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fthreat-dragon/issues/1583","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1583/packages"},{"uuid":"4290686398","node_id":"PR_kwDOR_mqFc7TtIBg","number":1,"state":"open","title":"chore(deps): Bump the npm_and_yarn group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T11:23:16.000Z","updated_at":"2026-04-19T11:24:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"next","old_version":"15.1.11","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"protobufjs","old_version":"7.4.0","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"react-router","old_version":"7.1.5","new_version":"7.14.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"yaml","old_version":"2.7.0","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `15.1.11` | `15.5.15` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.4.0` | `7.5.5` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.1.5` | `7.14.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.8.3` |\n\n\nUpdates `next` from 15.1.11 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.11...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.4.0 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-03-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump protobufjs dependency version for cli package (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2128\"\u003e#2128\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377\"\u003e549b05e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecorrect json syntax in tsconfig.json (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2120\"\u003e#2120\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687\"\u003e8065625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edescriptor:\u003c/strong\u003e guard oneof index for non-Type parents (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2122\"\u003e#2122\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728\"\u003e1cac5cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad\"\u003ef05e3c3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75\"\u003e535df44\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7\"\u003e53e8492\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `react-router` from 7.1.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/releases\"\u003ereact-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.14.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.14.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.6\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.5\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.4\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.3\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md\"\u003ereact-router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.14.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential race condition that can occur when rendering a \u003ccode\u003eHydrateFallback\u003c/code\u003e and initial loaders land before the \u003ccode\u003erouter.subscribe\u003c/code\u003e call happens in the \u003ccode\u003eRouterProvider\u003c/code\u003e layout effect\u003c/li\u003e\n\u003cli\u003eNormalize double-slashes in redirect paths\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.14.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14901\"\u003e#14901\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eServer Component Export\u003c/th\u003e\n\u003cth\u003eClient Component\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerComponent\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003edefault\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerErrorBoundary\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eErrorBoundary\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerLayout\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eLayout\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerHydrateFallback\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eHydrateFallback\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eIf you were previously exporting a \u003ccode\u003eServerComponent\u003c/code\u003e, your \u003ccode\u003eErrorBoundary\u003c/code\u003e, \u003ccode\u003eLayout\u003c/code\u003e, and \u003ccode\u003eHydrateFallback\u003c/code\u003e were also server components. If you want to keep those as server components, you can rename them and prefix them with \u003ccode\u003eServer\u003c/code\u003e. If you were previously importing the implementations of those components from a client module, you can simply inline them.\u003c/p\u003e\n\u003cp\u003eExample:\u003c/p\u003e\n\u003cp\u003eBefore\u003c/p\u003e\n\u003cpre lang=\"tsx\"\u003e\u003ccode\u003eimport { ErrorBoundary as ClientErrorBoundary } from \u0026quot;./client\u0026quot;;\n\u003cp\u003eexport function ServerComponent() {\n// ...\n}\u003c/p\u003e\n\u003cp\u003eexport function ErrorBoundary() {\nreturn \u0026lt;ClientErrorBoundary /\u0026gt;;\n}\u003c/p\u003e\n\u003cp\u003eexport function Layout() {\n// ...\n}\u003c/p\u003e\n\u003cp\u003eexport function HydrateFallback() {\n// ...\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eAfter\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/197674ba9fc1b72b452e17894e5e783bdab7a087\"\u003e\u003ccode\u003e197674b\u003c/code\u003e\u003c/a\u003e Release 7.14.1 (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14973\"\u003e#14973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/583fcce37b44e71d5bdd82ee7c5bccf300c77d53\"\u003e\u003ccode\u003e583fcce\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/05f80c8b0fce9519ba88f2f379daf7660391a40e\"\u003e\u003ccode\u003e05f80c8\u003c/code\u003e\u003c/a\u003e Migrate changesets files to .changes files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/a87774f997d8ba497c97562840f0766250c3e4ce\"\u003e\u003ccode\u003ea87774f\u003c/code\u003e\u003c/a\u003e Add new release process (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14916\"\u003e#14916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f6d126809e88cc97fe206eae673f12ebbf2ed18c\"\u003e\u003ccode\u003ef6d1268\u003c/code\u003e\u003c/a\u003e Add new release process (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14916\"\u003e#14916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/4547c80150032849dc4d85fc76c122219eea2939\"\u003e\u003ccode\u003e4547c80\u003c/code\u003e\u003c/a\u003e Fix rendering/router.subscribe race condition during hydration (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14497\"\u003e#14497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f7a01300d80967c566e08a666431ae40b89d6a63\"\u003e\u003ccode\u003ef7a0130\u003c/code\u003e\u003c/a\u003e Consolidate slash handling (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14962\"\u003e#14962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/b768d621a69e99055ff27a50030c4915f5798665\"\u003e\u003ccode\u003eb768d62\u003c/code\u003e\u003c/a\u003e Update redirect docs with note on validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/80c67a953dab25811fd3f3b4e85ee0e43591300c\"\u003e\u003ccode\u003e80c67a9\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/201cd41be3e2fadf0fe851d9ac6c836458707ca3\"\u003e\u003ccode\u003e201cd41\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/remix-run/react-router/commits/react-router@7.14.1/packages/react-router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for react-router since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.7.0 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930\"\u003e\u003ccode\u003e086fa6b\u003c/code\u003e\u003c/a\u003e 2.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752\"\u003e\u003ccode\u003e95f01e9\u003c/code\u003e\u003c/a\u003e chore: Add funding to package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.7.0...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shreybansal365/StudentSphere/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/shreybansal365/StudentSphere/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shreybansal365%2FStudentSphere/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4290647751","node_id":"PR_kwDOQhEafs7TtBRQ","number":25,"state":"closed","title":"build(deps): bump basic-ftp from 5.2.0 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-19T11:04:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T11:02:34.000Z","updated_at":"2026-04-19T11:04:14.000Z","time_to_close":96,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.0\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/renleihaokun/Mizuki-blog/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/renleihaokun/Mizuki-blog/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/renleihaokun%2FMizuki-blog/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4289299684","node_id":"PR_kwDORpDpkM7TpGD3","number":7,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript","configuration"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T22:04:16.000Z","updated_at":"2026-04-18T22:08:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"axios","old_version":"1.14.0","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [axios](https://github.com/axios/axios), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\n\nUpdates `axios` from 1.14.0 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 — April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Nick2bad4u/eslint-plugin-write-good-comments-2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Nick2bad4u/eslint-plugin-write-good-comments-2/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nick2bad4u%2Feslint-plugin-write-good-comments-2/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}],"issue_packages":[{"old_version":"5.2.1","new_version":"5.3.1","update_type":"minor","path":null,"pr_created_at":"2026-04-28T08:42:20.000Z","version_change":"5.2.1 → 5.3.1","issue":{"uuid":"4341754387","node_id":"PR_kwDOMbEDbc7WQp5z","number":507,"state":"open","title":"Bump basic-ftp from 5.2.1 to 5.3.1","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T08:42:20.000Z","updated_at":"2026-04-28T08:44:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"basic-ftp","old_version":"5.2.1","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.1 to 5.3.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.1...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.1\u0026new-version=5.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DEFRA/forms-submission-api/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/DEFRA/forms-submission-api/pull/507","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DEFRA%2Fforms-submission-api/issues/507","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/507/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":"/development/fetchLicenses","pr_created_at":"2026-04-25T05:41:30.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4327207620","node_id":"PR_kwDOSBDyV87VjRzq","number":1,"state":"closed","title":"Build(deps): Bump basic-ftp from 5.2.0 to 5.3.0 in /development/fetchLicenses","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T05:44:55.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T05:41:30.000Z","updated_at":"2026-04-25T05:44:56.000Z","time_to_close":205,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Build(deps): Bump","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":"/development/fetchLicenses","ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.0\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kakashijk/androidx/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/kakashijk/androidx/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakashijk%2Fandroidx/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T04:45:40.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4327093295","node_id":"PR_kwDORr1rPs7Vi7lM","number":64,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T04:45:40.000Z","updated_at":"2026-04-25T04:48:41.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@nestjs/core","old_version":"11.1.16","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"axios","old_version":"1.13.5","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"dompurify","old_version":"3.3.3","new_version":"3.4.0","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"drizzle-orm","old_version":"0.44.7","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"next","old_version":"14.2.35","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"electron","old_version":"36.0.1","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"protobufjs","old_version":"7.5.3","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.16` | `11.1.18` |\n| [axios](https://github.com/axios/axios) | `1.13.5` | `1.15.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.0` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.44.7` | `0.45.2` |\n| [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.15` |\n| [electron](https://github.com/electron/electron) | `36.0.1` | `39.8.5` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.5` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n\nBumps the npm_and_yarn group with 4 updates in the /packages/twenty-apps/internal/call-recording directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [axios](https://github.com/axios/axios), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-companion directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-server directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) and [dompurify](https://github.com/cure53/DOMPurify).\nBumps the npm_and_yarn group with 4 updates in the /packages/twenty-server/src/engine/core-modules/application/application-package/constants/seed-dependencies directory: [axios](https://github.com/axios/axios), [nodemailer](https://github.com/nodemailer/nodemailer), [follow-redirects](https://github.com/follow-redirects/follow-redirects) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-server/src/engine/core-modules/logic-function/logic-function-drivers/constants/common-layer-dependencies directory: [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-website directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [next](https://github.com/vercel/next.js).\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.16 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e\u003ccode\u003e@​nestjs/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.13.5 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.3 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.3...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 8.0.4 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `drizzle-orm` from 0.44.7 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.44.7...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.35 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.35...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 36.0.1 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v36.0.1...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Action...\n\n_Description has been truncated_","html_url":"https://github.com/jeremydh911/CRM/pull/64","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremydh911%2FCRM/issues/64","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/64/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T04:41:39.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4327084431","node_id":"PR_kwDORr1rPs7Vi5tv","number":59,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 7 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T04:46:24.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T04:41:39.000Z","updated_at":"2026-04-25T04:46:26.000Z","time_to_close":285,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"vite","old_version":"7.1.12","new_version":"7.3.2","repository_url":"https://github.com/vitejs/vite"},{"name":"@nestjs/core","old_version":"11.1.16","new_version":"11.1.18","repository_url":"https://github.com/nestjs/nest"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"},{"name":"drizzle-orm","old_version":"0.44.7","new_version":"0.45.2","repository_url":"https://github.com/drizzle-team/drizzle-orm"},{"name":"next","old_version":"14.2.35","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"electron","old_version":"36.0.1","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"defu","old_version":"6.1.4","new_version":"6.1.7","repository_url":"https://github.com/unjs/defu"},{"name":"nodemailer","old_version":"8.0.4","new_version":"8.0.5","repository_url":"https://github.com/nodemailer/nodemailer"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.1.12` | `7.3.2` |\n| [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core) | `11.1.16` | `11.1.18` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.44.7` | `0.45.2` |\n| [next](https://github.com/vercel/next.js) | `14.2.35` | `15.5.15` |\n| [electron](https://github.com/electron/electron) | `36.0.1` | `39.8.5` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [defu](https://github.com/unjs/defu) | `6.1.4` | `6.1.7` |\n| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |\n\nBumps the npm_and_yarn group with 3 updates in the /packages/twenty-apps/internal/call-recording directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-companion directory: [electron](https://github.com/electron/electron).\nBumps the npm_and_yarn group with 1 update in the /packages/twenty-server directory: [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core).\nBumps the npm_and_yarn group with 3 updates in the /packages/twenty-server/src/engine/core-modules/application/application-package/constants/seed-dependencies directory: [nodemailer](https://github.com/nodemailer/nodemailer), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-server/src/engine/core-modules/logic-function/logic-function-drivers/constants/common-layer-dependencies directory: [brace-expansion](https://github.com/juliangruber/brace-expansion) and [lodash](https://github.com/lodash/lodash).\nBumps the npm_and_yarn group with 2 updates in the /packages/twenty-website directory: [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) and [next](https://github.com/vercel/next.js).\n\nUpdates `vite` from 7.1.12 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@nestjs/core` from 11.1.16 to 11.1.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nestjs/nest/releases\"\u003e\u003ccode\u003e@​nestjs/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev11.1.18 (2026-04-03)\u003c/h2\u003e\n\u003ch4\u003eBug fixes\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16675\"\u003e#16675\u003c/a\u003e fix(microservices): preserve packet headers in nats serializer (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16683\"\u003e#16683\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16637\"\u003e#16637\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16686\"\u003enestjs/nest#16686\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecore\u003c/code\u003e, \u003ccode\u003eplatform-express\u003c/code\u003e, \u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16679\"\u003e#16679\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16623\"\u003e#16623\u003c/a\u003e fix(deps): update dependency fastify to v5.8.4 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-ws\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16618\"\u003e#16618\u003c/a\u003e chore(deps): bump ws from 8.19.0 to 8.20.0 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16619\"\u003e#16619\u003c/a\u003e chore(deps): bump file-type from 21.3.3 to 21.3.4 (\u003ca href=\"https://github.com/apps/dependabot\"\u003e\u003ccode\u003e@​dependabot[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 6\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eAnkit San (\u003ca href=\"https://github.com/ankitbelal\"\u003e\u003ccode\u003e@​ankitbelal\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eJakob Staudinger (\u003ca href=\"https://github.com/JakobStaudinger\"\u003e\u003ccode\u003e@​JakobStaudinger\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKrishna Chaitanya (\u003ca href=\"https://github.com/Krishnachaitanyakc\"\u003e\u003ccode\u003e@​Krishnachaitanyakc\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMK (\u003ca href=\"https://github.com/wwenrr\"\u003e\u003ccode\u003e@​wwenrr\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eyoumoo (\u003ca href=\"https://github.com/Youmoo\"\u003e\u003ccode\u003e@​Youmoo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev11.1.17 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003eEnhancements\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emicroservices\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16218\"\u003e#16218\u003c/a\u003e feat(microservices): add redis driver identification (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eBugs\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eauto-run middleware for HEAD requests as fastify redirects them to GET handlers (effectively skipping middleware execution) \u003ca href=\"https://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\"\u003ehttps://github.com/nestjs/nest/commit/cbdf737cd6e7cefa52d05ecea2ae4af95c464614\u003c/a\u003e (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eDependencies\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecommon\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16567\"\u003e#16567\u003c/a\u003e fix(deps): update dependency file-type to v21.3.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eplatform-fastify\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/nestjs/nest/pull/16533\"\u003e#16533\u003c/a\u003e fix(deps): update dependency fastify to v5.8.2 (\u003ca href=\"https://github.com/apps/renovate\"\u003e\u003ccode\u003e@​renovate[bot]\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eRohan Santhosh Kumar (\u003ca href=\"https://github.com/Rohan5commit\"\u003e\u003ccode\u003e@​Rohan5commit\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eVasil Chomakov (\u003ca href=\"https://github.com/vchomakov\"\u003e\u003ccode\u003e@​vchomakov\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKamil Mysliwiec (\u003ca href=\"https://github.com/kamilmysliwiec\"\u003e\u003ccode\u003e@​kamilmysliwiec\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/3c1cc5f91e95fcec27c3694cd42a08a50e85cc5f\"\u003e\u003ccode\u003e3c1cc5f\u003c/code\u003e\u003c/a\u003e chore(release): publish v11.1.18 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/0f962c75a474b08fbc1bdf072b89eda14151c856\"\u003e\u003ccode\u003e0f962c7\u003c/code\u003e\u003c/a\u003e fix(core): sanitize sse message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/94aa4242f622d6f6b071c35dbcd90e0f2f3f32de\"\u003e\u003ccode\u003e94aa424\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16679\"\u003e#16679\u003c/a\u003e from nestjs/renovate/path-to-regexp-8.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/368691c35fa221b68baad8d4e569d9d8685c0ea1\"\u003e\u003ccode\u003e368691c\u003c/code\u003e\u003c/a\u003e fix(core): prevent injector hang when design:paramtypes is missing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/25d4fdef37ac20930cc66b1283267651631e26f8\"\u003e\u003ccode\u003e25d4fde\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/5c0b11e20c35c0a5692c16187519982091d57150\"\u003e\u003ccode\u003e5c0b11e\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/f7d4460f0b34bd4a70be4552c3ca9e11eaecdb8c\"\u003e\u003ccode\u003ef7d4460\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://github.com/nestjs/nest/tree/HEAD/packages/core/issues/16637\"\u003e#16637\u003c/a\u003e from JakobStaudinger/moduleref-create-transient-sco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/d0a9dc97acba4ae7b33d9a46d8941f4ad6b3b914\"\u003e\u003ccode\u003ed0a9dc9\u003c/code\u003e\u003c/a\u003e fix(deps): update dependency path-to-regexp to v8.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/46774340b61d8e5751b13ba95a27628267266be3\"\u003e\u003ccode\u003e4677434\u003c/code\u003e\u003c/a\u003e feat(core): export \u003ccode\u003eIEntryNestModule\u003c/code\u003e type\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nestjs/nest/commit/7493b94647fc51d6d774f1e20f1b2f66c692182f\"\u003e\u003ccode\u003e7493b94\u003c/code\u003e\u003c/a\u003e fix(core): dependency injection edge case with moduleref.create\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nestjs/nest/commits/v11.1.18/packages/core\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nodemailer` from 8.0.4 to 8.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/releases\"\u003enodemailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md\"\u003enodemailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003e8.0.5\u003c/a\u003e (2026-04-07)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edecode SMTP server responses as UTF-8 at line boundary (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e95876b1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e0a43876\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/202cfb3e14010223204e9ba9f7430176be624f0f\"\u003e\u003ccode\u003e202cfb3\u003c/code\u003e\u003c/a\u003e chore(master): release 8.0.5 (\u003ca href=\"https://redirect.github.com/nodemailer/nodemailer/issues/1809\"\u003e#1809\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/b634abf05959edcc7207cdaba2c6541f92994cbb\"\u003e\u003ccode\u003eb634abf\u003c/code\u003e\u003c/a\u003e docs: add CLAUDE.md with project conventions and release process\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/95876b103e587e49583e43f88cb2c3a61556f3ac\"\u003e\u003ccode\u003e95876b1\u003c/code\u003e\u003c/a\u003e fix: decode SMTP server responses as UTF-8 at line boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/0a43876801a420ca528f492eaa01bfc421cc306e\"\u003e\u003ccode\u003e0a43876\u003c/code\u003e\u003c/a\u003e fix: sanitize CRLF in transport name option to prevent SMTP command injection...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodemailer/nodemailer/commit/08e59e64d0f8595fa535f07061787e0946372657\"\u003e\u003ccode\u003e08e59e6\u003c/code\u003e\u003c/a\u003e chore: update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `drizzle-orm` from 0.44.7 to 0.45.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/releases\"\u003edrizzle-orm's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.45.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003esql.identifier()\u003c/code\u003e, \u003ccode\u003esql.as()\u003c/code\u003e escaping issues. Previously all the values passed to this functions were not properly escaped\ncausing a possible SQL Injection (CWE-89) vulnerability\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/EthanKim88\"\u003e\u003ccode\u003e@​EthanKim88\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/0x90sh\"\u003e\u003ccode\u003e@​0x90sh\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/wgoodall01\"\u003e\u003ccode\u003e@​wgoodall01\u003c/code\u003e\u003c/a\u003e for reaching out to us with a reproduction and suggested fix\u003c/p\u003e\n\u003ch2\u003e0.45.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions breaking in environments with forbidden \u003ccode\u003erequire()\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5107\"\u003e#5107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.45.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed pg-native Pool detection in node-postgres transactions\u003c/li\u003e\n\u003cli\u003eAllowed subqueries in select fields\u003c/li\u003e\n\u003cli\u003eUpdated typo algorythm =\u0026gt; algorithm\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003e$onUpdate\u003c/code\u003e not handling \u003ccode\u003eSQL\u003c/code\u003e values (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/2388\"\u003e#2388\u003c/a\u003e, tests implemented by \u003ca href=\"https://github.com/L-Mario564\"\u003eL-Mario564\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/pull/2911\"\u003e#2911\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003epg\u003c/code\u003e mappers not handling \u003ccode\u003eDate\u003c/code\u003e instances in \u003ccode\u003ebun-sql:postgresql\u003c/code\u003e driver responses for \u003ccode\u003edate\u003c/code\u003e, \u003ccode\u003etimestamp\u003c/code\u003e types (fixes \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/4493\"\u003e#4493\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/273c78071d4841b497f5144734b38294df7ec64b\"\u003e\u003ccode\u003e273c780\u003c/code\u003e\u003c/a\u003e + 0.45.2 (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5534\"\u003e#5534\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/4aa6ecfee4b4728dadf6f77f071a149878a3c6c0\"\u003e\u003ccode\u003e4aa6ecf\u003c/code\u003e\u003c/a\u003e Kit updates (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5490\"\u003e#5490\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e8e6edfef5ca69c6188d320388ad440265911057\"\u003e\u003ccode\u003ee8e6edf\u003c/code\u003e\u003c/a\u003e feat(drizzle-kit): support d1 via binding (\u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5302\"\u003e#5302\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/a086f59fba7f46f3a077893ba912c99e91eaa760\"\u003e\u003ccode\u003ea086f59\u003c/code\u003e\u003c/a\u003e Fixed pg-native Pool detection in node-postgres transactions breaking in envi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/c445637df39366bcf47b12601896ce851771c1c2\"\u003e\u003ccode\u003ec445637\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5095\"\u003e#5095\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/e7b3aaa26456b88cd23a7843ebc95b3bddde1ba4\"\u003e\u003ccode\u003ee7b3aaa\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/0d885a54ddafd8717f8610cf3d2899f3eef61e65\"\u003e\u003ccode\u003e0d885a5\u003c/code\u003e\u003c/a\u003e refactor: Update condition for run-feature job to improve clarity and functio...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/45a1ffbcbfdd96772d0aba7d9e43744db2dce471\"\u003e\u003ccode\u003e45a1ffb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/drizzle-team/drizzle-orm/issues/5087\"\u003e#5087\u003c/a\u003e from drizzle-team/main-workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/6357645bd33b1f444e1d081769dd4b71c3de31f8\"\u003e\u003ccode\u003e6357645\u003c/code\u003e\u003c/a\u003e chore: Comment out NEON_HTTP_CONNECTION_STRING requirement in release workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/drizzle-team/drizzle-orm/commit/53dec98a936f549d0cc2e668f19db3a2df842f51\"\u003e\u003ccode\u003e53dec98\u003c/code\u003e\u003c/a\u003e refactor: Simplify release router workflow by removing unnecessary switch job...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/drizzle-team/drizzle-orm/compare/0.44.7...0.45.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for drizzle-orm since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.35 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.35...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron` from 36.0.1 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v36.0.1...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/...\n\n_Description has been truncated_","html_url":"https://github.com/jeremydh911/CRM/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/jeremydh911%2FCRM/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}},{"old_version":"5.1.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T02:49:16.000Z","version_change":"5.1.0 → 5.3.0","issue":{"uuid":"4326802273","node_id":"PR_kwDORuCjd87ViADx","number":1,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-25T02:49:16.000Z","updated_at":"2026-04-25T02:49:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":6,"packages":[{"name":"@hono/node-server","old_version":"1.19.9","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"openclaw","old_version":"2026.2.17","new_version":"2026.4.23","repository_url":"https://github.com/openclaw/openclaw"},{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.0"},{"name":"fast-xml-parser","old_version":"5.3.6","new_version":"5.7.1"},{"name":"hono","old_version":"4.11.10","new_version":"4.12.15"},{"name":"protobufjs","old_version":"6.8.8","new_version":"7.5.4"},{"name":"openclaw","old_version":"2026.2.17","new_version":"2026.4.23","repository_url":"https://github.com/openclaw/openclaw"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the / directory: [@hono/node-server](https://github.com/honojs/node-server) and [openclaw](https://github.com/openclaw/openclaw).\n\nUpdates `@hono/node-server` from 1.19.9 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e\u003ccode\u003e@​hono/node-server\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.10\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (\u003ccode\u003e%2F\u003c/code\u003e handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-wc8c-qw6v-h7f6 for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/2f8ca3665f5257305603783ec9999bd1a9bec0f2\"\u003e\u003ccode\u003e2f8ca36\u003c/code\u003e\u003c/a\u003e 1.19.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.9...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openclaw` from 2026.2.17 to 2026.4.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openclaw/openclaw/releases\"\u003eopenclaw's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopenclaw 2026.4.23\u003c/h2\u003e\n\u003ch2\u003e2026.4.23\u003c/h2\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProviders/OpenAI: add image generation and reference-image editing through Codex OAuth, so \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e works without an \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70703\"\u003e#70703\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: add image generation and reference-image editing through \u003ccode\u003eimage_generate\u003c/code\u003e, so OpenRouter image models work with \u003ccode\u003eOPENROUTER_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/55066\"\u003e#55066\u003c/a\u003e via \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67668\"\u003e#67668\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/notamicrodose\"\u003e\u003ccode\u003e@​notamicrodose\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImage generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the \u003ccode\u003eimage_generate\u003c/code\u003e tool. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70503\"\u003e#70503\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/ottodeng\"\u003e\u003ccode\u003e@​ottodeng\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/subagents: add optional forked context for native \u003ccode\u003esessions_spawn\u003c/code\u003e runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.\u003c/li\u003e\n\u003cli\u003eAgents/tools: add optional per-call \u003ccode\u003etimeoutMs\u003c/code\u003e support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.\u003c/li\u003e\n\u003cli\u003eMemory/local embeddings: add configurable \u003ccode\u003ememorySearch.local.contextSize\u003c/code\u003e with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70544\"\u003e#70544\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/aalekh-sarvam\"\u003e\u003ccode\u003e@​aalekh-sarvam\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDependencies/Pi: update bundled Pi packages to \u003ccode\u003e0.70.0\u003c/code\u003e, use Pi's upstream \u003ccode\u003egpt-5.5\u003c/code\u003e catalog metadata for OpenAI and OpenAI Codex, and keep only local \u003ccode\u003egpt-5.5-pro\u003c/code\u003e forward-compat handling.\u003c/li\u003e\n\u003cli\u003eCodex harness: add structured debug logging for embedded harness selection decisions so \u003ccode\u003e/status\u003c/code\u003e stays simple while gateway logs explain auto-selection and Pi fallback reasons. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70760\"\u003e#70760\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/100yenadmin\"\u003e\u003ccode\u003e@​100yenadmin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCodex harness: route native \u003ccode\u003erequest_user_input\u003c/code\u003e prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.\u003c/li\u003e\n\u003cli\u003eCodex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70809\"\u003e#70809\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/jalehman\"\u003e\u003ccode\u003e@​jalehman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70932\"\u003e#70932\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBlock streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70921\"\u003e#70921\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex harness/Windows: resolve npm-installed \u003ccode\u003ecodex.cmd\u003c/code\u003e shims through PATHEXT before starting the native app-server, so \u003ccode\u003ecodex/*\u003c/code\u003e models work without a manual \u003ccode\u003e.exe\u003c/code\u003e shim. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70913\"\u003e#70913\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSlack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal \u0026quot;Working…\u0026quot; traces no longer leak into rooms. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70912\"\u003e#70912\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/61556\"\u003e#61556\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/VictorJeon\"\u003e\u003ccode\u003e@​VictorJeon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eTelegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits \u003ccode\u003e![https://github.com/openclaw/openclaw/blob/HEAD/...](https://github.com/openclaw/openclaw/blob/HEAD/...)\u003c/code\u003e instead of a \u003ccode\u003eMEDIA:\u003c/code\u003e token. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/66191\"\u003e#66191\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/apezam\"\u003e\u003ccode\u003e@​apezam\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging \u003ccode\u003esurface_error\u003c/code\u003e and leaving webchat with no rendered error. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70124\"\u003e#70124\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70848\"\u003e#70848\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks \u003ca href=\"https://github.com/mcaxtr\"\u003e\u003ccode\u003e@​mcaxtr\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/CLI: declare the built-in \u003ccode\u003elocal\u003c/code\u003e embedding provider in the memory-core manifest, so standalone \u003ccode\u003eopenclaw memory status\u003c/code\u003e, \u003ccode\u003eindex\u003c/code\u003e, and \u003ccode\u003esearch\u003c/code\u003e can resolve local embeddings just like the gateway runtime. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70836\"\u003e#70836\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70873\"\u003e#70873\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/mattznojassist\"\u003e\u003ccode\u003e@​mattznojassist\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/68513\"\u003e#68513\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/44276\"\u003e#44276\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/51656\"\u003e#51656\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70212\"\u003e#70212\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.\u003c/li\u003e\n\u003cli\u003eMedia understanding: honor explicit image-model configuration before native-vision skips, including \u003ccode\u003eagents.defaults.imageModel\u003c/code\u003e, \u003ccode\u003etools.media.image.models\u003c/code\u003e, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/47614\"\u003e#47614\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/63722\"\u003e#63722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/69171\"\u003e#69171\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex/media understanding: support \u003ccode\u003ecodex/*\u003c/code\u003e image models through bounded Codex app-server image turns, while keeping \u003ccode\u003eopenai-codex/*\u003c/code\u003e on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70201\"\u003e#70201\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI Codex: synthesize the \u003ccode\u003eopenai-codex/gpt-5.5\u003c/code\u003e OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with \u003ccode\u003eUnknown model\u003c/code\u003e while the account is authenticated.\u003c/li\u003e\n\u003cli\u003eModels/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70820\"\u003e#70820\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: route \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e through configured Codex OAuth directly when an \u003ccode\u003eopenai-codex\u003c/code\u003e profile is active, instead of probing \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e first.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eOpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference \u003ccode\u003egpt-image-2\u003c/code\u003e edits. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70642\"\u003e#70642\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/dashhuang\"\u003e\u003ccode\u003e@​dashhuang\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70410\"\u003e#70410\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use \u003ccode\u003eimage_generate\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67216\"\u003e#67216\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70423\"\u003e#70423\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/giangthb\"\u003e\u003ccode\u003e@​giangthb\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN \u003ccode\u003eimage_generate\u003c/code\u003e routes work without disabling SSRF checks globally. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/62879\"\u003e#62879\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/seitzbg\"\u003e\u003ccode\u003e@​seitzbg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: stop advertising the removed \u003ccode\u003egpt-5.3-codex-spark\u003c/code\u003e Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70719\"\u003e#70719\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70741\"\u003e#70741\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Patrick-Erichsen\"\u003e\u003ccode\u003e@​Patrick-Erichsen\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70673\"\u003e#70673\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/chinar-amrutkar\"\u003e\u003ccode\u003e@​chinar-amrutkar\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to \u003ccode\u003eMEMORY.md\u003c/code\u003e instead of staying on broad workspace markdown indexing.\u003c/li\u003e\n\u003cli\u003eAgents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/QR: replace legacy \u003ccode\u003eqrcode-terminal\u003c/code\u003e QR rendering with bounded \u003ccode\u003eqrcode-tui\u003c/code\u003e helpers for plugin login/setup flows. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/65969\"\u003e#65969\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eVoice-call/realtime: wait for OpenAI session configuration before greeting or forwarding buffered audio, and reject non-allowlisted Twilio callers before stream setup. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/43501\"\u003e#43501\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/forrestblount\"\u003e\u003ccode\u003e@​forrestblount\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eACPX/Codex: stop materializing \u003ccode\u003eauth.json\u003c/code\u003e bridge files for Codex ACP, Codex app-server, and Codex CLI runs; Codex-owned runtimes now use their normal \u003ccode\u003eCODEX_HOME\u003c/code\u003e/\u003ccode\u003e~/.codex\u003c/code\u003e auth path directly.\u003c/li\u003e\n\u003cli\u003eAuto-reply/system events: route async exec-event completion replies through the persisted session delivery context, so long-running command results return to the originating channel instead of being dropped when live origin metadata is missing. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70258\"\u003e#70258\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/wzfukui\"\u003e\u003ccode\u003e@​wzfukui\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/sessions: extend the webchat session-mutation guard to \u003ccode\u003esessions.compact\u003c/code\u003e and \u003ccode\u003esessions.compaction.restore\u003c/code\u003e, so \u003ccode\u003eWEBCHAT_UI\u003c/code\u003e clients are rejected from compaction-side session mutations consistently with the existing patch/delete guards. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70716\"\u003e#70716\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/drobison00\"\u003e\u003ccode\u003e@​drobison00\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/a9797214338ba31c52c796adbb75afb16e0684a9\"\u003e\u003ccode\u003ea979721\u003c/code\u003e\u003c/a\u003e fix: stage WhatsApp runtime deps before setup login\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/9b18ae877018a34933e27bb7b2986cb97e9602aa\"\u003e\u003ccode\u003e9b18ae8\u003c/code\u003e\u003c/a\u003e chore: refresh release schema version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/b42c47804b0c116abf06d4794bf4ece882d87f3b\"\u003e\u003ccode\u003eb42c478\u003c/code\u003e\u003c/a\u003e chore: release 2026.4.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/a58ee7c8bc92ad36330c3d86b19a7ba11025f826\"\u003e\u003ccode\u003ea58ee7c\u003c/code\u003e\u003c/a\u003e fix(release): accept logged cross-os agent output\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/855872986ea36a42e91800d7c571bcb4fc2bab26\"\u003e\u003ccode\u003e8558729\u003c/code\u003e\u003c/a\u003e fix(release): harden subagent completion delivery\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/137e397f9c612708bcb144736aec467d4eb46030\"\u003e\u003ccode\u003e137e397\u003c/code\u003e\u003c/a\u003e fix: escape Parallels config scrub script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/0d1c97bfcc511365bec8b92e987bd72bb5843943\"\u003e\u003ccode\u003e0d1c97b\u003c/code\u003e\u003c/a\u003e fix: use node for Parallels config scrub\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/805d552601ef518c8b6f54649c453d8249eac08f\"\u003e\u003ccode\u003e805d552\u003c/code\u003e\u003c/a\u003e chore: bump release beta to 2026.4.23-beta.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/8b2bbde8a4f1632646554ea022c9f5032b6a49ba\"\u003e\u003ccode\u003e8b2bbde\u003c/code\u003e\u003c/a\u003e test: harden live docker aggregate flakes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/openclaw/openclaw/commit/dc48fb756cf5de5a4ddfe1ce9fc46549e1354787\"\u003e\u003ccode\u003edc48fb7\u003c/code\u003e\u003c/a\u003e [codex] fix agent session-id routing (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70985\"\u003e#70985\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/openclaw/openclaw/compare/v2026.2.17...v2026.4.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for openclaw since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003epreinstall\u003c/code\u003e, \u003ccode\u003epostinstall\u003c/code\u003e scripts that run during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 5.3.6 to 5.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003cli\u003eprepare rawAttrsForMatcher only if user sets \u003ccode\u003ejPath: false\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.9...v5.5.10\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003efix typins and matcher instance in callbacks\u003c/h2\u003e\n\u003cp\u003ecombine typings file to avoid configuration changes\npass readonly instance of matcher to the call backs to avoid accidental push/pop call\u003c/p\u003e\n\u003ch2\u003efix bugs of entity parsing and value parsing\u003c/h2\u003e\n\u003cp\u003efix: entity expansion limits\nupdate strnum package to 2.2.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.12 / 2026-04-13\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement: update path-expression-matcher\n\u003cul\u003e\n\u003cli\u003euse proxy pattern than Proxy class\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.11 / 2026-04-08\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement\n\u003cul\u003e\n\u003cli\u003eintegrate ExpressionSet for stopNodes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.10 / 2026-04-03\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003cli\u003eprepare rawAttrsForMatcher only if user sets \u003ccode\u003ejPath: false\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/0f08303189d541b08401d15a7137dc238a815fa7\"\u003e\u003ccode\u003e0f08303\u003c/code\u003e\u003c/a\u003e fix typo\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f529642d760ef53bb9115ad4798af5dc77ac22c4\"\u003e\u003ccode\u003ef529642\u003c/code\u003e\u003c/a\u003e update to release v5.7.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/52a8583465d6a67ad19e86fe34714879a981c18e\"\u003e\u003ccode\u003e52a8583\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;improve performance of attributes reading\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/8d187f9abaf42ebdd85623a9ae942b08e8ae5d0c\"\u003e\u003ccode\u003e8d187f9\u003c/code\u003e\u003c/a\u003e update builder\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/e174168a72a65a8fccad2c42bde329d2167edf27\"\u003e\u003ccode\u003ee174168\u003c/code\u003e\u003c/a\u003e improve performance of attributes reading\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/79a8dde50cebaeeda75cc1ad5b97c328da106316\"\u003e\u003ccode\u003e79a8dde\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f5cd5a595f313ed7b0820cabfa82ebdaa08651f7\"\u003e\u003ccode\u003ef5cd5a5\u003c/code\u003e\u003c/a\u003e set xml version to decoder even if attributes are ignored\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f44b9236f4bee07bba75f0549fe86c981b1aeeef\"\u003e\u003ccode\u003ef44b923\u003c/code\u003e\u003c/a\u003e remove unwanted tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/869ec8b3588304a3a6aa9f22e38445e06d4547c8\"\u003e\u003ccode\u003e869ec8b\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003e@​nodable/entities\u003c/code\u003e v2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/7cb49e51cd060caecf296fbf718a98d8c044c8c5\"\u003e\u003ccode\u003e7cb49e5\u003c/code\u003e\u003c/a\u003e update release detail\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.3.6...v5.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.11.10 to 4.12.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.15\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(jwt): support single-line PEM keys by \u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/hiendv\"\u003e\u003ccode\u003e@​hiendv\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4889\"\u003ehonojs/hono#4889\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.14...v4.12.15\"\u003ehttps://github.com/honojs/hono/compare/v4.12.14...v4.12.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f774f8df49e7ec7e205f15c5076a37132c515ebf\"\u003e\u003ccode\u003ef774f8d\u003c/code\u003e\u003c/a\u003e 4.12.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/18fe604c8cefc2628240651b1af219692e1918c1\"\u003e\u003ccode\u003e18fe604\u003c/code\u003e\u003c/a\u003e fix(jwt): support single-line PEM keys (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4889\"\u003e#4889\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.11.10...v4.12.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 6.8.8 to 7.5.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e5ca5c84e326699e10258367883a54934e0bfe14\"\u003ee5ca5c8\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a84409b47f9ba0dba56da1af8054fb54f85d85a1\"\u003ea84409b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9c5a178c4b59e0aa65ecac0bd7420171213b2ff9\"\u003e9c5a178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b2c686721e3b63d092419fa1cbe58e1deb89534e\"\u003eb2c6867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/60f3e51087ca2c247473410f39331e1c766aefef\"\u003e60f3e51\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a6563617de04d510d6e8865eb6c5067f10247f64\"\u003ea656361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/869a95b1e5f553c76243aac45619061407a41084\"\u003e869a95b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b936af4219181811e98f72d4902a40e1c3f1f3be\"\u003eb936af4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a938467e476b3e168b8df1b89452864731e6a373\"\u003ea938467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1af8454538b63d58b822ea9d20b935f2ac9f158c\"\u003e1af8454\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/785416fd2b9827e4cb9bfccd823c3b6836baffb0\"\u003e785416f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a9ffc8a7b593209642fc9d89e884ac6c4e746494\"\u003ea9ffc8a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution and tests (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/68b5339ea1936c90f526983da29b4267d20f9a51\"\u003e68b5339\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd feature resolution for protobuf editions (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/547afa26f76e22e5463a17aec082b0b60cd951d8\"\u003e547afa2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e\u003ccode\u003e6406d4c\u003c/code\u003e\u003c/a\u003e fix: optimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e\u003ccode\u003e56782bf\u003c/code\u003e\u003c/a\u003e fix: reserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1dbcfe322899aca50fb82916db7802f647f23f0e\"\u003e\u003ccode\u003e1dbcfe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2035\"\u003e#2035\u003c/a\u003e from protobufjs/release-please--branches--master\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/6.8.8...protobufjs-v7.5.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~google-wombot\"\u003egoogle-wombot\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `openclaw` from 2026.2.17 to 2026.4.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/openclaw/openclaw/releases\"\u003eopenclaw's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eopenclaw 2026.4.23\u003c/h2\u003e\n\u003ch2\u003e2026.4.23\u003c/h2\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eProviders/OpenAI: add image generation and reference-image editing through Codex OAuth, so \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e works without an \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70703\"\u003e#70703\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: add image generation and reference-image editing through \u003ccode\u003eimage_generate\u003c/code\u003e, so OpenRouter image models work with \u003ccode\u003eOPENROUTER_API_KEY\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/55066\"\u003e#55066\u003c/a\u003e via \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67668\"\u003e#67668\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/notamicrodose\"\u003e\u003ccode\u003e@​notamicrodose\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eImage generation: let agents request provider-supported quality and output format hints, and pass OpenAI-specific background, moderation, compression, and user hints through the \u003ccode\u003eimage_generate\u003c/code\u003e tool. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70503\"\u003e#70503\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/ottodeng\"\u003e\u003ccode\u003e@​ottodeng\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/subagents: add optional forked context for native \u003ccode\u003esessions_spawn\u003c/code\u003e runs so agents can let a child inherit the requester transcript when needed, while keeping clean isolated sessions as the default; includes prompt guidance, context-engine hook metadata, docs, and QA coverage.\u003c/li\u003e\n\u003cli\u003eAgents/tools: add optional per-call \u003ccode\u003etimeoutMs\u003c/code\u003e support for image, video, music, and TTS generation tools so agents can extend provider request timeouts only when a specific generation needs it.\u003c/li\u003e\n\u003cli\u003eMemory/local embeddings: add configurable \u003ccode\u003ememorySearch.local.contextSize\u003c/code\u003e with a 4096 default so local embedding contexts can be tuned for constrained hosts without patching the memory host. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70544\"\u003e#70544\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/aalekh-sarvam\"\u003e\u003ccode\u003e@​aalekh-sarvam\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDependencies/Pi: update bundled Pi packages to \u003ccode\u003e0.70.0\u003c/code\u003e, use Pi's upstream \u003ccode\u003egpt-5.5\u003c/code\u003e catalog metadata for OpenAI and OpenAI Codex, and keep only local \u003ccode\u003egpt-5.5-pro\u003c/code\u003e forward-compat handling.\u003c/li\u003e\n\u003cli\u003eCodex harness: add structured debug logging for embedded harness selection decisions so \u003ccode\u003e/status\u003c/code\u003e stays simple while gateway logs explain auto-selection and Pi fallback reasons. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70760\"\u003e#70760\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/100yenadmin\"\u003e\u003ccode\u003e@​100yenadmin\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCodex harness: route native \u003ccode\u003erequest_user_input\u003c/code\u003e prompts back to the originating chat, preserve queued follow-up answers, and honor newer app-server command approval amendment decisions.\u003c/li\u003e\n\u003cli\u003eCodex harness/context-engine: redact context-engine assembly failures before logging, so fallback warnings do not serialize raw error objects. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70809\"\u003e#70809\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/jalehman\"\u003e\u003ccode\u003e@​jalehman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp/onboarding: keep first-run setup entry loading off the Baileys runtime dependency path, so packaged QuickStart installs can show WhatsApp setup before runtime deps are staged. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70932\"\u003e#70932\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBlock streaming: suppress final assembled text after partial block-delivery aborts when the already-sent text chunks exactly cover the final reply, preventing duplicate replies without dropping unrelated short messages. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70921\"\u003e#70921\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex harness/Windows: resolve npm-installed \u003ccode\u003ecodex.cmd\u003c/code\u003e shims through PATHEXT before starting the native app-server, so \u003ccode\u003ecodex/*\u003c/code\u003e models work without a manual \u003ccode\u003e.exe\u003c/code\u003e shim. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70913\"\u003e#70913\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eSlack/groups: classify MPIM group DMs as group chat context and suppress verbose tool/plan progress on Slack non-DM surfaces, so internal \u0026quot;Working…\u0026quot; traces no longer leak into rooms. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70912\"\u003e#70912\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/replay: stop OpenAI/Codex transcript replay from synthesizing missing tool results while still preserving synthetic repair on Anthropic, Gemini, and Bedrock transport-owned sessions. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/61556\"\u003e#61556\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/VictorJeon\"\u003e\u003ccode\u003e@​VictorJeon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eTelegram/media replies: parse remote markdown image syntax into outbound media payloads on the final reply path, so Telegram group chats stop falling back to plain-text image URLs when the model or a tool emits \u003ccode\u003e![https://github.com/openclaw/openclaw/blob/HEAD/...](https://github.com/openclaw/openclaw/blob/HEAD/...)\u003c/code\u003e instead of a \u003ccode\u003eMEDIA:\u003c/code\u003e token. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/66191\"\u003e#66191\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/apezam\"\u003e\u003ccode\u003e@​apezam\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/WebChat: surface non-retryable provider failures such as billing, auth, and rate-limit errors from the embedded runner instead of logging \u003ccode\u003esurface_error\u003c/code\u003e and leaving webchat with no rendered error. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70124\"\u003e#70124\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70848\"\u003e#70848\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/truffle-dev\"\u003e\u003ccode\u003e@​truffle-dev\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eWhatsApp: unify outbound media normalization across direct sends and auto-replies. Thanks \u003ca href=\"https://github.com/mcaxtr\"\u003e\u003ccode\u003e@​mcaxtr\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/CLI: declare the built-in \u003ccode\u003elocal\u003c/code\u003e embedding provider in the memory-core manifest, so standalone \u003ccode\u003eopenclaw memory status\u003c/code\u003e, \u003ccode\u003eindex\u003c/code\u003e, and \u003ccode\u003esearch\u003c/code\u003e can resolve local embeddings just like the gateway runtime. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70836\"\u003e#70836\u003c/a\u003e. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70873\"\u003e#70873\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/mattznojassist\"\u003e\u003ccode\u003e@​mattznojassist\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eGateway/WebChat: preserve image attachments for text-only primary models by offloading them as media refs instead of dropping them, so configured image tools can still inspect the original file. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/68513\"\u003e#68513\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/44276\"\u003e#44276\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/51656\"\u003e#51656\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70212\"\u003e#70212\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/Google Meet: hang up delegated Twilio calls on leave, clean up Chrome realtime audio bridges when launch fails, and use a flat provider-safe tool schema.\u003c/li\u003e\n\u003cli\u003eMedia understanding: honor explicit image-model configuration before native-vision skips, including \u003ccode\u003eagents.defaults.imageModel\u003c/code\u003e, \u003ccode\u003etools.media.image.models\u003c/code\u003e, and provider image defaults such as MiniMax VL when the active chat model is text-only. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/47614\"\u003e#47614\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/63722\"\u003e#63722\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/69171\"\u003e#69171\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCodex/media understanding: support \u003ccode\u003ecodex/*\u003c/code\u003e image models through bounded Codex app-server image turns, while keeping \u003ccode\u003eopenai-codex/*\u003c/code\u003e on the OpenAI Codex OAuth route and validating app-server responses against generated protocol contracts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70201\"\u003e#70201\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI Codex: synthesize the \u003ccode\u003eopenai-codex/gpt-5.5\u003c/code\u003e OAuth model row when Codex catalog discovery omits it, so cron and subagent runs do not fail with \u003ccode\u003eUnknown model\u003c/code\u003e while the account is authenticated.\u003c/li\u003e\n\u003cli\u003eModels/Codex: preserve Codex provider metadata when adding models from chat or CLI commands, so manually added Codex models keep the right auth and routing behavior. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70820\"\u003e#70820\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: route \u003ccode\u003eopenai/gpt-image-2\u003c/code\u003e through configured Codex OAuth directly when an \u003ccode\u003eopenai-codex\u003c/code\u003e profile is active, instead of probing \u003ccode\u003eOPENAI_API_KEY\u003c/code\u003e first.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: harden image generation auth routing and Codex OAuth response parsing so fallback only applies to public OpenAI API routes and bounded SSE results. Thanks \u003ca href=\"https://github.com/Takhoffman\"\u003e\u003ccode\u003e@​Takhoffman\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eOpenAI/image generation: send reference-image edits as guarded multipart uploads instead of JSON data URLs, restoring complex multi-reference \u003ccode\u003egpt-image-2\u003c/code\u003e edits. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70642\"\u003e#70642\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/dashhuang\"\u003e\u003ccode\u003e@​dashhuang\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenRouter: send image-understanding prompts as user text before image parts, restoring non-empty vision responses for OpenRouter multimodal models. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70410\"\u003e#70410\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/Google: honor the private-network SSRF opt-in for Gemini image generation requests, so trusted proxy setups that resolve Google API hosts to private addresses can use \u003ccode\u003eimage_generate\u003c/code\u003e. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/67216\"\u003e#67216\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAgents/transport: stop embedded runs from lowering the process-wide undici stream timeouts, so slow Gemini image generation and other long-running provider requests no longer inherit short run-attempt headers timeouts. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70423\"\u003e#70423\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/giangthb\"\u003e\u003ccode\u003e@​giangthb\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: honor the private-network SSRF opt-in for OpenAI-compatible image generation endpoints, so trusted LocalAI/LAN \u003ccode\u003eimage_generate\u003c/code\u003e routes work without disabling SSRF checks globally. Fixes \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/62879\"\u003e#62879\u003c/a\u003e. Thanks \u003ca href=\"https://github.com/seitzbg\"\u003e\u003ccode\u003e@​seitzbg\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eProviders/OpenAI: stop advertising the removed \u003ccode\u003egpt-5.3-codex-spark\u003c/code\u003e Codex model through fallback catalogs, and suppress stale rows with a GPT-5.5 recovery hint.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: persist assistant-generated images as authenticated managed media and accept paired-device tokens for assistant media fetches, so webchat history reloads keep showing generated images. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70719\"\u003e#70719\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70741\"\u003e#70741\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/Patrick-Erichsen\"\u003e\u003ccode\u003e@​Patrick-Erichsen\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eControl UI/chat: queue Stop-button aborts across Gateway reconnects so a disconnected active run is canceled on reconnect instead of only clearing local UI state. (\u003ca href=\"https://redirect.github.com/openclaw/openclaw/issues/70673\"\u003e#70673\u003c/a\u003e) Thanks \u003ca href=\"https://github.com/chinar-amrutkar\"\u003e\u003ccode\u003e@​chinar-amrutkar\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eMemory/QMD: recreate stale managed QMD collections when startup repair finds the collection name already exists, so root memory narrows back to \u003ccode\u003eMEMORY.md\u003c/code\u003e instead of staying on broad workspace markdown indexing.\u003c/li\u003e\n\u003cli\u003eAgents/OpenAI: surface selected-model capacity failures from PI, Codex, and auto-reply harness paths with a model-switch hint instead of the generic empty-response error. Thanks \u003ca href=\"https://github.com/vincentkoc\"\u003e\u003ccode\u003e@​vincentkoc\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003ePlugins/QR: replace legacy \u003ccode\u003eqrcode-terminal\u003c/code\u003e QR rendering with bo...\n\n_Description has been truncated_","html_url":"https://github.com/mdjahid11978-design/lossless-claw/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdjahid11978-design%2Flossless-claw/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-24T14:21:28.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4323552782","node_id":"PR_kwDOAicEJ87VXUqt","number":156,"state":"open","title":"chore: Bump basic-ftp from 5.2.0 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T14:21:28.000Z","updated_at":"2026-04-24T21:34:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore: Bump","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/sudodoki/copy-to-clipboard/pull/156","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudodoki%2Fcopy-to-clipboard/issues/156","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/156/packages"}},{"old_version":"5.0.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-24T03:00:48.000Z","version_change":"5.0.5 → 5.3.0","issue":{"uuid":"4320213568","node_id":"PR_kwDOACQQDs7VMTkT","number":30,"state":"closed","title":"Bump basic-ftp from 5.0.5 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-24T03:11:39.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-24T03:00:48.000Z","updated_at":"2026-04-24T03:11:47.000Z","time_to_close":651,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"[//]: # (dependabot-start)\n⚠️  **Dependabot is rebasing this PR** ⚠️ \n\nRebasing might not happen immediately, so don't worry if this takes some time.\n\nNote: if you make any changes to this PR yourself, they will take precedence over the rebase.\n\n---\n\n[//]: # (dependabot-end)\n\nBumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.0.5 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.0.5\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sirkitree/sirkitree.github.com/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sirkitree/sirkitree.github.com/pull/30","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sirkitree%2Fsirkitree.github.com/issues/30","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/30/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-24T01:14:47.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4319828498","node_id":"PR_kwDOR4yV9c7VLEBM","number":19,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T01:14:47.000Z","updated_at":"2026-04-24T01:16:27.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"next","old_version":"15.5.14","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"hono","old_version":"4.12.10","new_version":"4.12.14","repository_url":"https://github.com/honojs/hono"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [next](https://github.com/vercel/next.js), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [hono](https://github.com/honojs/hono).\n\nUpdates `next` from 15.5.14 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.5.14...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.10 to 4.12.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003ch3\u003eMissing validation of cookie name on write path in setCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003esetCookie()\u003c/code\u003e, \u003ccode\u003eserialize()\u003c/code\u003e, and \u003ccode\u003eserializeSigned()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm\u003c/p\u003e\n\u003ch3\u003eNon-breaking space prefix bypass in cookie name handling in getCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003egetCookie()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0\"\u003e\u003ccode\u003ecc067c8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec\"\u003e\u003ccode\u003ea586cd7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.10...v4.12.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/crisesarmiento/vision-total-ar/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/crisesarmiento/vision-total-ar/pull/19","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/crisesarmiento%2Fvision-total-ar/issues/19","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/19/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-23T19:38:53.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4318405375","node_id":"PR_kwDON2oBcs7VGaSw","number":59,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-23T19:38:53.000Z","updated_at":"2026-04-23T19:39:14.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"astro","old_version":"5.16.6","new_version":"6.1.9","repository_url":"https://github.com/withastro/astro"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"dompurify","old_version":"3.3.3","new_version":"3.4.1","repository_url":"https://github.com/cure53/DOMPurify"},{"name":"serialize-javascript","old_version":"7.0.3","new_version":"7.0.5","repository_url":"https://github.com/yahoo/serialize-javascript"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.16.6` | `6.1.9` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.2` | `4.0.4` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `7.0.3` | `7.0.5` |\n\nBumps the npm_and_yarn group with 1 update in the /examples/advanced/create-react-native-app directory: [expo](https://github.com/expo/expo/tree/HEAD/packages/expo).\nBumps the npm_and_yarn group with 2 updates in the /examples/advanced/node-modules-as-config-and-properties directory: [minimatch](https://github.com/isaacs/minimatch) and [glob](https://github.com/isaacs/node-glob).\n\nUpdates `astro` from 5.16.6 to 6.1.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/releases\"\u003eastro's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eastro@6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16027\"\u003e#16027\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/c62516bbbf8fdf95d38293440d28221c048c41f0\"\u003e\u003ccode\u003ec62516b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fkatsuhiro\"\u003e\u003ccode\u003e@​fkatsuhiro\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16311\"\u003e#16311\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/94048f27c30f47ae0e01f90231e0496ed80595f7\"\u003e\u003ccode\u003e94048f2\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Arecsu\"\u003e\u003ccode\u003e@​Arecsu\u003c/code\u003e\u003c/a\u003e! - Fixes \u003ccode\u003e--port\u003c/code\u003e flag being ignored after a Vite-triggered server restart (e.g. when a \u003ccode\u003e.env\u003c/code\u003e file changes)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16316\"\u003e#16316\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/0fcd04cc985002b56c9e2d36bcb68da0d3f08d5f\"\u003e\u003ccode\u003e0fcd04c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes the \u003ccode\u003e/_image\u003c/code\u003e endpoint accepting an arbitrary \u003ccode\u003ef=svg\u003c/code\u003e query parameter and serving non-SVG content as \u003ccode\u003eimage/svg+xml\u003c/code\u003e. The endpoint now validates that the source is actually SVG before honoring \u003ccode\u003ef=svg\u003c/code\u003e, matching the same guard already enforced on the \u003ccode\u003e\u0026lt;Image\u0026gt;\u003c/code\u003e component path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eastro@6.1.6\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16202\"\u003e#16202\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/b5c2fba8bf2bc315db94e525f12f7661dd357822\"\u003e\u003ccode\u003eb5c2fba\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Fixes Actions failing with \u003ccode\u003eActionsWithoutServerOutputError\u003c/code\u003e when using \u003ccode\u003eoutput: 'static'\u003c/code\u003e with an adapter\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md\"\u003eastro's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e6.1.9\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16448\"\u003e#16448\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Updates vite, picomatch, and unstorage to latest patch versions\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16422\"\u003e#16422\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens \u003ccode\u003eastro-island\u003c/code\u003e export resolution and hydration error handling for malformed component metadata\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16420\"\u003e#16420\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16419\"\u003e#16419\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/matthewp\"\u003e\u003ccode\u003e@​matthewp\u003c/code\u003e\u003c/a\u003e! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16022\"\u003e#16022\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe\"\u003e\u003ccode\u003ea002540\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/mathieumaf\"\u003e\u003ccode\u003e@​mathieumaf\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where i18n domains would return 404 when \u003ccode\u003etrailingSlash\u003c/code\u003e is set to \u003ccode\u003enever\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/internal-helpers\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/markdown-remark\u003c/code\u003e\u003ca href=\"https://github.com/7\"\u003e\u003ccode\u003e@​7\u003c/code\u003e\u003c/a\u003e.1.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.8\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16367\"\u003e#16367\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121\"\u003e\u003ccode\u003ea6866a7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes an issue where build output files could contain special characters (\u003ccode\u003e!\u003c/code\u003e, \u003ccode\u003e~\u003c/code\u003e, \u003ccode\u003e{\u003c/code\u003e, \u003ccode\u003e}\u003c/code\u003e) in their names, causing deploy failures on platforms like Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16381\"\u003e#16381\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605\"\u003e\u003ccode\u003e217c5b3\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16348\"\u003e#16348\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd\"\u003e\u003ccode\u003e7d26cd7\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ocavue\"\u003e\u003ccode\u003e@​ocavue\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where \u003ccode\u003eallowedDomains\u003c/code\u003e weren't correctly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16379\"\u003e#16379\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b\"\u003e\u003ccode\u003e5a84551\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/martrapp\"\u003e\u003ccode\u003e@​martrapp\u003c/code\u003e\u003c/a\u003e! - Improves Vue scoped style handling in DEV mode during client router navigation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16317\"\u003e#16317\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e\"\u003e\u003ccode\u003ed012bfe\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/das-peter\"\u003e\u003ccode\u003e@​das-peter\u003c/code\u003e\u003c/a\u003e! - Adds tests to verify settings are properly propagated when using the development server.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16282\"\u003e#16282\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2\"\u003e\u003ccode\u003e5b0fdaa\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/jmurty\"\u003e\u003ccode\u003e@​jmurty\u003c/code\u003e\u003c/a\u003e! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdated dependencies [\u003ca href=\"https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765\"\u003e\u003ccode\u003ee0b240e\u003c/code\u003e\u003c/a\u003e]:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​astrojs/telemetry\u003c/code\u003e\u003ca href=\"https://github.com/3\"\u003e\u003ccode\u003e@​3\u003c/code\u003e\u003c/a\u003e.3.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.7\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16027\"\u003e#16027\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/c62516bbbf8fdf95d38293440d28221c048c41f0\"\u003e\u003ccode\u003ec62516b\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/fkatsuhiro\"\u003e\u003ccode\u003e@​fkatsuhiro\u003c/code\u003e\u003c/a\u003e! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16311\"\u003e#16311\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/94048f27c30f47ae0e01f90231e0496ed80595f7\"\u003e\u003ccode\u003e94048f2\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/Arecsu\"\u003e\u003ccode\u003e@​Arecsu\u003c/code\u003e\u003c/a\u003e! - Fixes \u003ccode\u003e--port\u003c/code\u003e flag being ignored after a Vite-triggered server restart (e.g. when a \u003ccode\u003e.env\u003c/code\u003e file changes)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/withastro/astro/pull/16316\"\u003e#16316\u003c/a\u003e \u003ca href=\"https://github.com/withastro/astro/commit/0fcd04cc985002b56c9e2d36bcb68da0d3f08d5f\"\u003e\u003ccode\u003e0fcd04c\u003c/code\u003e\u003c/a\u003e Thanks \u003ca href=\"https://github.com/ematipico\"\u003e\u003ccode\u003e@​ematipico\u003c/code\u003e\u003c/a\u003e! - Fixes the \u003ccode\u003e/_image\u003c/code\u003e endpoint accepting an arbitrary \u003ccode\u003ef=svg\u003c/code\u003e query parameter and serving non-SVG content as \u003ccode\u003eimage/svg+xml\u003c/code\u003e. The endpoint now validates that the source is actually SVG before honoring \u003ccode\u003ef=svg\u003c/code\u003e, matching the same guard already enforced on the \u003ccode\u003e\u0026lt;Image\u0026gt;\u003c/code\u003e component path.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1.6\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/21ca8723de9da123f2ee5b7acc7cbaf8f03dbec1\"\u003e\u003ccode\u003e21ca872\u003c/code\u003e\u003c/a\u003e [ci] release (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16399\"\u003e#16399\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d\"\u003e\u003ccode\u003ef3485c3\u003c/code\u003e\u003c/a\u003e Harden nested object path lookups (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16419\"\u003e#16419\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd\"\u003e\u003ccode\u003e99464ed\u003c/code\u003e\u003c/a\u003e Bump vite, picomatch, and unstorage to latest patch versions (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16448\"\u003e#16448\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/471a4d69b9ed98d2a016660e130fc6d12ce8aa38\"\u003e\u003ccode\u003e471a4d6\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate all remaining tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16444\"\u003e#16444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490\"\u003e\u003ccode\u003ee21de1d\u003c/code\u003e\u003c/a\u003e fix(astro): harden error overlay and log formatting (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16420\"\u003e#16420\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715\"\u003e\u003ccode\u003ea3951d7\u003c/code\u003e\u003c/a\u003e fix(astro): harden astro-island export resolution (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16422\"\u003e#16422\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/8a139692a8d6b2402005ddd4bfb58b3868016ced\"\u003e\u003ccode\u003e8a13969\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 4 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16427\"\u003e#16427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/3bdc4acc94114bf04d614d80a354363a4ae9326d\"\u003e\u003ccode\u003e3bdc4ac\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate core-image tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16413\"\u003e#16413\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/72e9faa22466f1ba39247bf3e6654e6ddc8dc8d9\"\u003e\u003ccode\u003e72e9faa\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 19 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16414\"\u003e#16414\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/withastro/astro/commit/1c477aa39d2d32b96f3a0498579ef5946efdde7e\"\u003e\u003ccode\u003e1c477aa\u003c/code\u003e\u003c/a\u003e refactor(astro): migrate 10 tests to typescript (\u003ca href=\"https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16411\"\u003e#16411\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/withastro/astro/commits/astro@6.1.9/packages/astro\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.3 to 3.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue with on-handler stripping for HTML-spec-reserved custom element names (\u003ccode\u003efont-face\u003c/code\u003e, \u003ccode\u003ecolor-profile\u003c/code\u003e, \u003ccode\u003emissing-glyph\u003c/code\u003e, \u003ccode\u003efont-face-src\u003c/code\u003e, \u003ccode\u003efont-face-uri\u003c/code\u003e, \u003ccode\u003efont-face-format\u003c/code\u003e, \u003ccode\u003efont-face-name\u003c/code\u003e) under permissive \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFixed a case-sensitivity gap in the \u003ccode\u003eannotation-xml\u003c/code\u003e check that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML mode\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e repeatedly prefixing already-prefixed \u003ccode\u003eid\u003c/code\u003e and \u003ccode\u003ename\u003c/code\u003e values on subsequent sanitization\u003c/li\u003e\n\u003cli\u003eFixed the \u003ccode\u003eIN_PLACE\u003c/code\u003e root-node check to explicitly guard against non-string \u003ccode\u003enodeName\u003c/code\u003e (DOM-clobbering robustness)\u003c/li\u003e\n\u003cli\u003eRemoved a duplicate \u003ccode\u003eslot\u003c/code\u003e entry from the default HTML attribute allow-list\u003c/li\u003e\n\u003cli\u003eStrengthened the fast-check fuzz harness with explicit XSS invariants, an expanded seed-payload corpus, an additional idempotence property for \u003ccode\u003eSANITIZE_NAMED_PROPS\u003c/code\u003e, and a negative-control assertion ensuring the invariants actually fire\u003c/li\u003e\n\u003cli\u003eAdded regression and pinning tests covering the above fixes and two accepted-behavior contracts (\u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e greedy scrub, hook-added attribute handling)\u003c/li\u003e\n\u003cli\u003eExtended CodeQL analysis to run on \u003ccode\u003e3.x\u003c/code\u003e and \u003ccode\u003e2.x\u003c/code\u003e maintenance branches\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8\"\u003e\u003ccode\u003e5b0cdbb\u003c/code\u003e\u003c/a\u003e chore: merge main into 3.x for 3.4.1 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1301\"\u003e#1301\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a\"\u003e\u003ccode\u003e09f5911\u003c/code\u003e\u003c/a\u003e test: added three more browsers to test setup (OSX, mobile)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.3...3.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `serialize-javascript` from 7.0.3 to 7.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/yahoo/serialize-javascript/releases\"\u003eserialize-javascript's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.5\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove robustness and validation for array-like object serialization.\u003c/li\u003e\n\u003cli\u003eFix an issue where certain object structures could lead to excessive CPU usage.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor more details, please see GHSA-qj8w-gfj5-8c6v.\u003c/p\u003e\n\u003ch2\u003ev7.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003erelease: v7.0.4 by \u003ca href=\"https://github.com/okuryu\"\u003e\u003ccode\u003e@​okuryu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/yahoo/serialize-javascript/pull/211\"\u003eyahoo/serialize-javascript#211\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\"\u003ehttps://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/df3f1c1fa9ca16b050ae893cb63ac23c91deed55\"\u003e\u003ccode\u003edf3f1c1\u003c/code\u003e\u003c/a\u003e release: v7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b\"\u003e\u003ccode\u003ef147e90\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/yahoo/serialize-javascript/commit/eec32e08c5ac51bba2d8042101f6d2622c133110\"\u003e\u003ccode\u003eeec32e0\u003c/code\u003e\u003c/a\u003e release: v7.0.4\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 6.4.1 to 7.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.3.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.3.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.5\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.5/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eNote: 7.2.5 failed to publish so it is skipped on npm\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev7.2.4\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.4/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.3\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.3/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.1/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003eplugin-legacy@7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/plugin-legacy@7.2.0/packages/plugin-legacy/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.2.0-beta.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.2.0-beta.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev7.1.12\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v7.1.12/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.1...v7.3.2\"\u003e7.3.2\u003c/a\u003e (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eavoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e09d8c90\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebackport \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22162\"\u003e#22162\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e19db0f2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003echeck \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22160\"\u003e#22160\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003ef8103cc\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.3.0...v7.3.1\"\u003e7.3.1\u003c/a\u003e (2026-01-07)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21364\"\u003e#21364\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e9d39d37\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.7...v7.3.0\"\u003e7.3.0\u003c/a\u003e (2025-12-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21183\"\u003e#21183\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003ecff26ec\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.6...v7.2.7\"\u003e7.2.7\u003c/a\u003e (2025-12-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eplugin shortcut support (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21211\"\u003e#21211\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e721f163\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.5...v7.2.6\"\u003e7.2.6\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.4...v7.2.5\"\u003e7.2.5\u003c/a\u003e (2025-12-01)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003econfig:\u003c/strong\u003e handle shebang properly (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21158\"\u003e#21158\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/df5a30d2690a2ebc4824a79becdcef30538dc602\"\u003edf5a30d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21146\"\u003e#21146\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/a3cd262f37228967e455617e982b35fccc49ffe9\"\u003ea3cd262\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update all non-major dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21175\"\u003e#21175\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/72e398a46d8d2f54fbcbeb9ff0dceab346aeb642\"\u003e72e398a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix \u003ccode\u003eexternal: true\u003c/code\u003e merging (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21164\"\u003e#21164\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/5ef557a96c4a1f2b3a3aa25c12df3ee87b4a03f5\"\u003e5ef557a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eshortcuts not rebound after server restart (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21166\"\u003e#21166\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/3765f7baea36234bf3816eeed38776d27bfd3649\"\u003e3765f7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePerformance Improvements\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21137\"\u003e#21137\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/203a5512a42a1031f685993f5d9cbae5f328354f\"\u003e203a551\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eclarify manifest.json \u003ccode\u003eimports\u003c/code\u003e field is JS chunks only (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21136\"\u003e#21136\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/46d3077f2b63771cc50230bc907c48f5773c00fb\"\u003e46d3077\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMiscellaneous Chores\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edeps:\u003c/strong\u003e update rolldown-related dependencies (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21174\"\u003e#21174\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/74559c947483a8ee24da052ac2d9568f7cb3546a\"\u003e74559c9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.3...v7.2.4\"\u003e7.2.4\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003erevert \u0026quot;perf(deps): replace debug with obug (\u003ca href=\"https://redirect.github.com/vitejs/vite/issues/21107\"\u003e#21107\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://github.com/vitejs/vite/commit/2d66b7b14aa6dfd62f3d6a59ee8382ed5ca6fd32\"\u003e2d66b7b\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e\u003ca href=\"https://github.com/vitejs/vite/compare/v7.2.2...v7.2.3\"\u003e7.2.3\u003c/a\u003e (2025-11-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cc383e07b66d4c5a9768fcb570e0af812cb8d999\"\u003e\u003ccode\u003ecc383e0\u003c/code\u003e\u003c/a\u003e release: v7.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/09d8c903bde12fee2710314d3b42bc789c686df7\"\u003e\u003ccode\u003e09d8c90\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f8103cc946f137a54e395fe3f5d08e8209231ed6\"\u003e\u003ccode\u003ef8103cc\u003c/code\u003e\u003c/a\u003e fix: check \u003ccode\u003eserver.fs\u003c/code\u003e after stripping query as well (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160\"\u003e#22160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/19db0f29c3a3ac4e64cc95c270716c77fd223ad1\"\u003e\u003ccode\u003e19db0f2\u003c/code\u003e\u003c/a\u003e fix: backport \u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e, apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22162\"\u003e#22162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/95e8923f35d0252c9f6eb2d5e358c084542706f1\"\u003e\u003ccode\u003e95e8923\u003c/code\u003e\u003c/a\u003e release: v7.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/9d39d373a7b4e0a93322b70b9dbeb202af06af3e\"\u003e\u003ccode\u003e9d39d37\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eignoreOutdatedRequests\u003c/code\u003e option to \u003ccode\u003eoptimizeDeps\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21364\"\u003e#21364\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/acf7e05eaeb18e98f5e19e2d3e648950726f20d1\"\u003e\u003ccode\u003eacf7e05\u003c/code\u003e\u003c/a\u003e release: v7.3.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/cff26ec0fc13373d7125a5eac6cb01fe63fee4b1\"\u003e\u003ccode\u003ecff26ec\u003c/code\u003e\u003c/a\u003e feat(deps): update esbuild from ^0.25.0 to ^0.27.0 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21183\"\u003e#21183\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/317b3b272f9ef6faa647a51ab3b0768fecc1071d\"\u003e\u003ccode\u003e317b3b2\u003c/code\u003e\u003c/a\u003e release: v7.2.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/721f16343d9555ae8fc71a2e5354b22e12ff0dc3\"\u003e\u003ccode\u003e721f163\u003c/code\u003e\u003c/a\u003e fix: plugin shortcut support (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/21211\"\u003e#21211\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v7.3.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `expo` from 40.0.1 to 55.0.17\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expo/expo/blob/main/CHANGELOG.md\"\u003eexpo's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eThis is the log of notable changes to the Expo client that are developer-facing.\nPackage-specific changes not released in any SDK will be added here just before the release. Until then, you can find them in changelogs of the individual packages (see \u003ca href=\"https://github.com/expo/expo/blob/main/packages\"\u003epackages\u003c/a\u003e directory).\u003c/p\u003e\n\u003ch2\u003eUnpublished\u003c/h2\u003e\n\u003ch3\u003e📚 3rd party library updates\u003c/h3\u003e\n\u003ch3\u003e🛠 Breaking changes\u003c/h3\u003e\n\u003ch3\u003e🎉 New features\u003c/h3\u003e\n\u003ch3\u003e🐛 Bug fixes\u003c/h3\u003e\n\u003ch2\u003e55.0.0 — 2026-02-25\u003c/h2\u003e\n\u003ch3\u003e🛠 Breaking changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-notifications\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eexpose \u003ccode\u003eBackgroundNotificationTaskResult\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41291\"\u003e#41291\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[ios], [internal] rename \u003ccode\u003eEXNotifications\u003c/code\u003e pod to \u003ccode\u003eExpoNotifications\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42009\"\u003e#42009\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[android] throw instead of logging a warning when attempting to use push notifications with Expo Go (\u003ca href=\"https://redirect.github.com/expo/expo/pull/39459\"\u003e#39459\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-modules-core\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] Drop support for legacy architecture.\u003c/li\u003e\n\u003cli\u003e[iOS] Renamed \u003ccode\u003eignoreSafeAreaKeyboardInsets\u003c/code\u003e to \u003ccode\u003eignoreSafeArea\u003c/code\u003e on \u003ccode\u003eHost\u003c/code\u003e component. It now accepts \u003ccode\u003e'all'\u003c/code\u003e or \u003ccode\u003e'keyboard'\u003c/code\u003e instead of a boolean. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42598\"\u003e#42598\u003c/a\u003e by \u003ca href=\"https://github.com/intergalacticspacehighway\"\u003e\u003ccode\u003e@​nishan\u003c/code\u003e\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42598\"\u003e#42598\u003c/a\u003e by \u003ca href=\"https://github.com/intergalacticspacehighway\"\u003e\u003ccode\u003e@​intergalacticspacehighway\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-localization\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] Default allowDynamicLocaleChangesAndroid to true when supportedLocales is configured (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41813\"\u003e#41813\u003c/a\u003e by \u003ca href=\"https://github.com/Ubax\"\u003e\u003ccode\u003e@​Ubax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-image-loader\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eiOS implementation has been moved to \u003ccode\u003eexpo-modules-core\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41395\"\u003e#41395\u003c/a\u003e by \u003ca href=\"https://github.com/tsapeta\"\u003e\u003ccode\u003e@​tsapeta\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-clipboard\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eRemoved deprecated \u003ccode\u003econtent\u003c/code\u003e property of the clipboard event listener. Use \u003ccode\u003egetStringAsync()\u003c/code\u003e instead. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41739\"\u003e#41739\u003c/a\u003e by \u003ca href=\"https://github.com/barthap\"\u003e\u003ccode\u003e@​barthap\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-cellular\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eremove deprecated JS constants, return \u003ccode\u003enull\u003c/code\u003e as a replacement for deprecated native iOS methods (\u003ca href=\"https://redirect.github.com/expo/expo/pull/43035\"\u003e#43035\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-brightness\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003euseSystemBrightnessAsync\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40168\"\u003e#40168\u003c/a\u003e by \u003ca href=\"https://github.com/vonovak\"\u003e\u003ccode\u003e@​vonovak\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-blur\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003e[Android] The \u003ccode\u003edimezisBlurView\u003c/code\u003e experimental blur method will no longer work without creating a related \u003ccode\u003eBlurTargetView\u003c/code\u003e. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/39990\"\u003e#39990\u003c/a\u003e by \u003ca href=\"https://github.com/behenate\"\u003e\u003ccode\u003e@​behenate\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🎉 New features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-web-browser\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for auth universal links callback (\u003ca href=\"https://redirect.github.com/expo/expo/pull/42695\"\u003e#42695\u003c/a\u003e by \u003ca href=\"https://github.com/gabrieldonadel\"\u003e\u003ccode\u003e@​gabrieldonadel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-sqlite\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdded SQLite inspector devtools plugin. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40872\"\u003e#40872\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/expo/expo/pull/40900\"\u003e#40900\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded tagged template literals support. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40972\"\u003e#40972\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eSQLITE_ENABLE_MATH_FUNCTIONS\u003c/code\u003e support by default. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/41333\"\u003e#41333\u003c/a\u003e by \u003ca href=\"https://github.com/kudo\"\u003e\u003ccode\u003e@​kudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-speech\u003c/code\u003e\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for \u003ccode\u003evolume\u003c/code\u003e option on iOS and Android. (\u003ca href=\"https://redirect.github.com/expo/expo/pull/40959\"\u003e#40959\u003c/a\u003e by \u003ca href=\"https://github.com/barthap\"\u003e\u003ccode\u003e@​barthap\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eexpo-sharing\u003c/code\u003e\u003c/strong\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/expo/expo/commits/HEAD/packages/expo\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 10.0.3 to 10.2.5\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and...\n\n_Description has been truncated_","html_url":"https://github.com/AKJUS/style-dictionary/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AKJUS%2Fstyle-dictionary/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}},{"old_version":"5.0.3","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-22T23:35:13.000Z","version_change":"5.0.3 → 5.3.0","issue":{"uuid":"4312395395","node_id":"PR_kwDOMYk1487Uyydj","number":178,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 16 directories with 11 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-04-24T22:17:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-22T23:35:13.000Z","updated_at":"2026-04-24T22:17:50.000Z","time_to_close":168157,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":11,"packages":[{"name":"electron","old_version":"27.3.10","new_version":"39.8.5","repository_url":"https://github.com/electron/electron"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"vite","old_version":"5.2.11","new_version":"6.4.2","repository_url":"https://github.com/vitejs/vite"},{"name":"simple-git","old_version":"3.16.0","new_version":"3.32.3","repository_url":"https://github.com/steveukx/git-js"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"axios","old_version":"0.21.2","new_version":"0.31.0","repository_url":"https://github.com/axios/axios"},{"name":"picomatch","old_version":"2.3.0","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.0.3","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [electron](https://github.com/electron/electron) | `27.3.10` | `39.8.5` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.2.11` | `6.4.2` |\n| [simple-git](https://github.com/steveukx/git-js/tree/HEAD/simple-git) | `3.16.0` | `3.32.3` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [axios](https://github.com/axios/axios) | `0.21.2` | `0.31.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.0` | `2.3.2` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.3` | `5.3.0` |\n\nBumps the npm_and_yarn group with 2 updates in the /npm/vite-plugin-cypress-esm directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 1 update in the /packages/https-proxy directory: [node-forge](https://github.com/digitalbazaar/forge).\nBumps the npm_and_yarn group with 1 update in the /packages/network directory: [node-forge](https://github.com/digitalbazaar/forge).\nBumps the npm_and_yarn group with 3 updates in the /system-tests/projects/angular-16 directory: [lodash](https://github.com/lodash/lodash), [node-forge](https://github.com/digitalbazaar/forge) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 4 updates in the /system-tests/projects/angular-cli-unconfigured directory: [lodash](https://github.com/lodash/lodash), [node-forge](https://github.com/digitalbazaar/forge), [picomatch](https://github.com/micromatch/picomatch) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/component-testing-outdated-dependencies directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/ct-public-api-solid-js directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/issue-25951-next-app directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/next-12 directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/next-12.1.6 directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 3 updates in the /system-tests/projects/runner-ct-specs directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [node-forge](https://github.com/digitalbazaar/forge) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/tailwind-vite directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/ts-proj-5 directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /system-tests/projects/vite-ct-object-api directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /system-tests/projects/webpack5_wds3-react directory: [lodash](https://github.com/lodash/lodash) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\n\nUpdates `electron` from 27.3.10 to 39.8.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/electron/electron/releases\"\u003eelectron's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eelectron v39.8.5\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.5\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a crash in \u003ccode\u003eclipboard.readImage()\u003c/code\u003e when the clipboard contains malformed image data. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50493\"\u003e#50493\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50491\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50492\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50494\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed a crash when calling an offscreen shared texture's \u003ccode\u003erelease()\u003c/code\u003e after the texture object was garbage collected. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50499\"\u003e#50499\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50500\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50501\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50502\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.4\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.4\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003enodeIntegrationInWorker\u003c/code\u003e overrides in \u003ccode\u003esetWindowOpenHandler\u003c/code\u003e were not honored for child windows sharing a renderer process with their opener. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50468\"\u003e#50468\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50163\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50467\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50134\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed crash when handling JavaScript dialogs from windows opened with invalid or empty URLs. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50400\"\u003e#50400\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50401\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50399\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50398\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed improper focus tracking in BaseWindow on MacOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50338\"\u003e#50338\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50337\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50340\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50339\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed window freeze when failing to enter/exit fullscreen on macOS. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50341\"\u003e#50341\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50344\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50343\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50342\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for using a proxy during yarn install. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50349\"\u003e#50349\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50352\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50350\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50351\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 485935305. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50440\"\u003e#50440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for 489381399. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50443\"\u003e#50443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fix for chromium:475877320. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50436\"\u003e#50436\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBackported fixes for 484751092, 487117772. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50461\"\u003e#50461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.3\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.3\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded additional ASAR support to additional \u003ccode\u003efs\u003c/code\u003e copy methods. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50284\"\u003e#50284\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50287\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50286\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50285\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed user resizing of transparent windows on win32 platform. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50300\"\u003e#50300\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50301\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50298\"\u003e41\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50299\"\u003e42\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.2\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.2\u003c/h1\u003e\n\u003ch2\u003eOther Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackported fix for b/491421267. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50230\"\u003e#50230\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eelectron v39.8.1\u003c/h2\u003e\n\u003ch1\u003eRelease Notes for v39.8.1\u003c/h1\u003e\n\u003ch2\u003eFixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded validation to protocol client methods to reject protocol names that do not conform to the RFC 3986 URI scheme grammar. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50156\"\u003e#50156\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50157\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50158\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50155\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue on macOS where calling \u003ccode\u003eautoUpdater.quitAndInstall()\u003c/code\u003e could fail if \u003ccode\u003echeckForUpdates()\u003c/code\u003e was called again after an update was already downloaded. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50215\"\u003e#50215\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50216\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50217\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where Chrome Devtools menus may not appear in certain embedded windows. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50136\"\u003e#50136\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50138\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50137\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003eadditionalData\u003c/code\u003e passed to \u003ccode\u003eapp.requestSingleInstanceLock\u003c/code\u003e on Windows could be truncated or fail to deserialize in the primary instance's \u003ccode\u003esecond-instance\u003c/code\u003e event. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50174\"\u003e#50174\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50177\"\u003e38\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50162\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50154\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue where \u003ccode\u003escreen.getCursorScreenPoint()\u003c/code\u003e crashed on Wayland when it was called before a \u003ccode\u003eBrowserWindow\u003c/code\u003e had been created. \u003ca href=\"https://redirect.github.com/electron/electron/pull/50106\"\u003e#50106\u003c/a\u003e \u003c!-- raw HTML omitted --\u003e(Also in \u003ca href=\"https://redirect.github.com/electron/electron/pull/50104\"\u003e40\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/electron/electron/pull/50105\"\u003e41\u003c/a\u003e)\u003c!-- raw HTML omitted --\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/9d2f8cb4da0d35e2daf7e7f60e35313b508cb224\"\u003e\u003ccode\u003e9d2f8cb\u003c/code\u003e\u003c/a\u003e refactor: remove dead named-window lookup from guest-window-manager (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50498\"\u003e#50498\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/11730047394233e70743c52567e17f4c3b2dc9fc\"\u003e\u003ccode\u003e1173004\u003c/code\u003e\u003c/a\u003e fix: crash calling OSR shared texture release() after texture GC'd (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50499\"\u003e#50499\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/be37adefd08f882e3f1fb8403d2d9e92c3009d56\"\u003e\u003ccode\u003ebe37ade\u003c/code\u003e\u003c/a\u003e fix: crash in clipboard.readImage() on malformed image data (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50493\"\u003e#50493\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/7007907df08d02da98f513dcbdb430ab51be59c7\"\u003e\u003ccode\u003e7007907\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 3 changes from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50461\"\u003e#50461\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/2c8b6ee0c0a7c26871dc0b320982afd8ed29df6c\"\u003e\u003ccode\u003e2c8b6ee\u003c/code\u003e\u003c/a\u003e chore: cherry-pick fbfb27470bf6 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50436\"\u003e#50436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/4c64377ead6b53bc565d7793a2712e49882e5354\"\u003e\u003ccode\u003e4c64377\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 50b057660b4d from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50440\"\u003e#50440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/0ef056130cde0c19c81ccfbc2932df6911765849\"\u003e\u003ccode\u003e0ef0561\u003c/code\u003e\u003c/a\u003e fix: read nodeIntegrationInWorker from per-frame WebPreferences (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50122\"\u003e#50122\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50\"\u003e#50\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/64373df3ca697bc6fe6e3ab1f463ba05beaf64cf\"\u003e\u003ccode\u003e64373df\u003c/code\u003e\u003c/a\u003e chore: cherry-pick 074d472db745 from chromium (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50443\"\u003e#50443\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/13e44072be367f516cfad36f95d183765174f4bf\"\u003e\u003ccode\u003e13e4407\u003c/code\u003e\u003c/a\u003e fix: don't re-parse URL unnecessarily when handling dialogs (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50400\"\u003e#50400\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/electron/electron/commit/16a038502a4ea0c79976be60bcc8f28a49f1ab99\"\u003e\u003ccode\u003e16a0385\u003c/code\u003e\u003c/a\u003e ci: output build cache hit rate as GHA annotation (\u003ca href=\"https://redirect.github.com/electron/electron/issues/50369\"\u003e#50369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/electron/electron/compare/v27.3.10...v39.8.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.2.11 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `simple-git` from 3.16.0 to 3.32.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/releases\"\u003esimple-git's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esimple-git@3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/CodeAnt-AI-Security\"\u003e\u003ccode\u003e@​CodeAnt-AI-Security\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8d02097: Enhanced clone unsafe switch detection.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e23b070f: Fix regex for detecting unsafe clone options\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/stevenwdv\"\u003e\u003ccode\u003e@​stevenwdv\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.32.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e1effd8e: Enhances the \u003ccode\u003eunsafe\u003c/code\u003e plugin to block additional cases where the \u003ccode\u003e-u\u003c/code\u003e switch may be disguised\nalong with other single character options.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JuHwiSang\"\u003e\u003ccode\u003e@​JuHwiSang\u003c/code\u003e\u003c/a\u003e for identifying this as vulnerability.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.31.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea44184f: Resolve NPM publish steps\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.30.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ebc77774: Correctly identify current branch name when using \u003ccode\u003egit.status\u003c/code\u003e in a cloned empty repo.\u003c/p\u003e\n\u003cp\u003ePreviously \u003ccode\u003egit.status\u003c/code\u003e would report the current branch name as \u003ccode\u003eNo\u003c/code\u003e. Thank you to \u003ca href=\"https://github.com/MaddyGuthridge\"\u003e\u003ccode\u003e@​MaddyGuthridge\u003c/code\u003e\u003c/a\u003e for identifying this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2adf47d: Allow repeating git options like \u003ccode\u003e{'--opt': ['value1', 'value2']}\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esimple-git@3.27.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/steveukx/git-js/blob/main/simple-git/CHANGELOG.md\"\u003esimple-git's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.32.3\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ef704208: Enhanced \u003ccode\u003eprotocol.allow\u003c/code\u003e checks in \u003ccode\u003eallowUnsafeExtProtocol\u003c/code\u003e handling.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/CodeAnt-AI-Security\"\u003e\u003ccode\u003e@​CodeAnt-AI-Security\u003c/code\u003e\u003c/a\u003e for identifying the issue\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e8d02097: Enhanced clone unsafe switch detection.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e23b070f: Fix regex for detecting unsafe clone options\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/stevenwdv\"\u003e\u003ccode\u003e@​stevenwdv\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.32.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e1effd8e: Enhances the \u003ccode\u003eunsafe\u003c/code\u003e plugin to block additional cases where the \u003ccode\u003e-u\u003c/code\u003e switch may be disguised\nalong with other single character options.\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/JuHwiSang\"\u003e\u003ccode\u003e@​JuHwiSang\u003c/code\u003e\u003c/a\u003e for identifying this as vulnerability.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed5fd4fe: Use task runner for logging use of deprecated (already no-op) functions.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.31.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ea44184f: Resolve NPM publish steps\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.31.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e22dc93f: Custom binary plugin should support the use of \u003ccode\u003e~\u003c/code\u003e character, used by Windows to shorten long folder names\nand folder names that have spaces in them (eg: \u003ccode\u003eC:\\Program Files\u003c/code\u003e might become \u003ccode\u003eC:\\PROGRA~1\u003c/code\u003e).\u003c/p\u003e\n\u003cp\u003eThanks to \u003ca href=\"https://github.com/skyshineb\"\u003e\u003ccode\u003e@​skyshineb\u003c/code\u003e\u003c/a\u003e for reporting this issue.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/a1170e506eeeaade4a242bfbf6d0620d57872364\"\u003e\u003ccode\u003ea1170e5\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/f7042088aa2dac59e3c49a84d7a2f4b26048a257\"\u003e\u003ccode\u003ef704208\u003c/code\u003e\u003c/a\u003e In extension to CVE-2022-25912, switch to case-insensitive check for `protoco...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/4bb20811eb35c0fa5437553cad4eb8ebf8f6f6e6\"\u003e\u003ccode\u003e4bb2081\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/7ae7537737bafc1e6559a28816785b10926fb095\"\u003e\u003ccode\u003e7ae7537\u003c/code\u003e\u003c/a\u003e Match tokens to word boundary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/c47ad103b07ce768cf69aec63e0c9f7f77a1ab0f\"\u003e\u003ccode\u003ec47ad10\u003c/code\u003e\u003c/a\u003e Lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/8d02097b726c2bc5360b4f55ee3ecb7e09648e4d\"\u003e\u003ccode\u003e8d02097\u003c/code\u003e\u003c/a\u003e Enhanced clone switch detection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/f6909a52807512cb4e29a654db2dcd409b019113\"\u003e\u003ccode\u003ef6909a5\u003c/code\u003e\u003c/a\u003e Remove test timeout override\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/77406267ceb19aa901495b6ae414020daf789ebf\"\u003e\u003ccode\u003e7740626\u003c/code\u003e\u003c/a\u003e Update plugin.unsafe.spec.ts\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/b562a6c4c1a226d9c7789b72c76784f334c1efac\"\u003e\u003ccode\u003eb562a6c\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/steveukx/git-js/commit/23b070f0a4d320af5e745a42ae6176a629409566\"\u003e\u003ccode\u003e23b070f\u003c/code\u003e\u003c/a\u003e Fix regex for CLONE_OPTIONS constant (\u003ca href=\"https://github.com/steveukx/git-js/tree/HEAD/simple-git/issues/1122\"\u003e#1122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/steveukx/git-js/commits/simple-git@3.32.3/simple-git\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for simple-git since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 0.21.2 to 0.31.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.31.0\u003c/h2\u003e\n\u003cp\u003eThis release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and \u003ccode\u003ezizmor\u003c/code\u003e scanning, resolves TypeScript typing issues in \u003ccode\u003eAxiosInstance\u003c/code\u003e, and fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection \u0026amp; Proxy Bypass:\u003c/strong\u003e Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper \u003ccode\u003eNO_PROXY\u003c/code\u003e/\u003ccode\u003eno_proxy\u003c/code\u003e enforcement covering wildcards, explicit ports, loopback aliases (\u003ccode\u003elocalhost\u003c/code\u003e, \u003ccode\u003e127.0.0.1\u003c/code\u003e, \u003ccode\u003e::1\u003c/code\u003e), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and \u003ccode\u003eparsed.host\u003c/code\u003e is used for correct port and IPv6 handling. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e SHA-pins all actions and disables credential persistence in v0.x CI, introduces \u003ccode\u003ezizmor\u003c/code\u003e security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required \u003ccode\u003enpm-publish\u003c/code\u003e GitHub Environment with configurable reviewer protections. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eTypeScript — \u003ccode\u003eAxiosInstance\u003c/code\u003e Return Types:\u003c/strong\u003e Fixes return types in \u003ccode\u003eAxiosInstance\u003c/code\u003e methods to correctly resolve to \u003ccode\u003ePromise\u0026lt;R\u0026gt;\u003c/code\u003e (matching \u003ccode\u003eAxiosPromise\u0026lt;T\u0026gt;\u003c/code\u003e semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance:\u003c/strong\u003e Fixes a performance regression in \u003ccode\u003eisEmptyObject()\u003c/code\u003e that caused excessive computation when the argument was a large string. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eVersioning \u0026amp; CI Workflow:\u003c/strong\u003e Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/nakataki17\"\u003e\u003ccode\u003e@​nakataki17\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/gmasclet\"\u003e\u003ccode\u003e@​gmasclet\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ivan-churakov\"\u003e\u003ccode\u003e@​ivan-churakov\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7328\"\u003e#7328\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v0.30.3...v0.31.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eRelease notes - v0.30.3\u003c/h2\u003e\n\u003cp\u003eThis is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).\u003c/p\u003e\n\u003cp\u003eRecommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.\u003c/p\u003e\n\u003ch2\u003e🛡️ Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBackport: Fix DoS via \u003cstrong\u003eproto\u003c/strong\u003e key in merge config\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003ePatched a vulnerability where specifically crafted configuration objects using the \u003cstrong\u003eproto\u003c/strong\u003e key could cause a Denial of Service during the merge process. - \u003cem\u003eby \u003ca href=\"https://github.com/FeBe95\"\u003e\u003ccode\u003e@​FeBe95\u003c/code\u003e\u003c/a\u003e in [PR \u003ca href=\"https://redirect.github.com/axios/axios/issues/7388\"\u003e#7388\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/axios/axios/pull/7388\"\u003eaxios/axios#7388\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚙️ Maintenance \u0026amp; CI\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Infrastructure Update\u003c/strong\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated Continuous Integration workflows for the v0.x branch to maintain long-term support and build reliability. - \u003cem\u003eby \u003ca href=\"https://github.com/jasonsaayman\"\u003e\u003ccode\u003e@​jasonsaayman\u003c/code\u003e\u003c/a\u003e in [PR \u003ca href=\"https://redirect.github.com/axios/axios/issues/7407\"\u003e#7407\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/axios/axios/pull/7407\"\u003eaxios/axios#7407\u003c/a\u003e)\u003c/em\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Breaking Changes\u003c/h2\u003e\n\u003cp\u003eConfiguration Merging Behavior:\u003c/p\u003e\n\u003cp\u003eAs part of the security fix, Axios now restricts the merging of the \u003cstrong\u003eproto\u003c/strong\u003e key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5073eca0edd37b13a0e39dcb48794d779b7dff8d\"\u003e\u003ccode\u003e5073eca\u003c/code\u003e\u003c/a\u003e chore: release v0.31.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10697\"\u003e#10697\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b57eb1a93214c9d6840035add0cc705fa9d6d697\"\u003e\u003ccode\u003eb57eb1a\u003c/code\u003e\u003c/a\u003e ci: update branch name (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10692\"\u003e#10692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/00ab2af7334d75874605dcd22575673eae638cee\"\u003e\u003ccode\u003e00ab2af\u003c/code\u003e\u003c/a\u003e refactor: change name to have a unified workflow (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10691\"\u003e#10691\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9a66c090bfd946052afba365d809d0c4fbd13238\"\u003e\u003ccode\u003e9a66c09\u003c/code\u003e\u003c/a\u003e chore: added a versioning flow (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10690\"\u003e#10690\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/03cdfc99e8db32a390e12128208b6778492cee9c\"\u003e\u003ccode\u003e03cdfc9\u003c/code\u003e\u003c/a\u003e fix: backport the fixes from the v1 branch (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10688\"\u003e#10688\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/71be4e5c80769329d7845b36a8d31e4f7f042202\"\u003e\u003ccode\u003e71be4e5\u003c/code\u003e\u003c/a\u003e fix: return types in AxiosInstance methods should be Promise\u0026lt;R\u0026gt; (\u003ca href=\"https://redirect.github.com/axios/axios/issues/6253\"\u003e#6253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/62610f69ad140784ba8e4dc3c5ebec888b53682b\"\u003e\u003ccode\u003e62610f6\u003c/code\u003e\u003c/a\u003e fix: fixed performance issue in isEmptyObject() (\u003ca href=\"https://redirect.github.com/axios/axios/issues/6484\"\u003e#6484\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/68f97f7588608595c5251d91ce4c895e90a10ae0\"\u003e\u003ccode\u003e68f97f7\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10667\"\u003e#10667\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/58a604385bf73c5ea19baa2e116de4c63c055852\"\u003e\u003ccode\u003e58a6043\u003c/code\u003e\u003c/a\u003e ci: add zizmor and harden v0.x CI (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10638\"\u003e#10638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/b560d41ab8e748d766bbd09bc90e6272f2cc535f\"\u003e\u003ccode\u003eb560d41\u003c/code\u003e\u003c/a\u003e ci: add OIDC publish workflow for v0.x (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10639\"\u003e#10639\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v0.21.2...v0.31.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.0 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.3.1\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes bug when a pattern containing an expression after the closing parenthesis (\u003ccode\u003e/!(*.d).{ts,tsx}\u003c/code\u003e) was incorrectly converted to regexp (\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241ef\"\u003e9f241ef\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSome documentation improvements (\u003ca href=\"https://github.com/micromatch/picomatch/commit/f81d236\"\u003ef81d236\u003c/a\u003e, \u003ca href=\"https://github.com/micromatch/picomatch/commit/421e0e7\"\u003e421e0e7\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5467a5a9638472610de4f30709991b9a56bb5613\"\u003e\u003ccode\u003e5467a5a\u003c/code\u003e\u003c/a\u003e 2.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9f241efedc15a21bcec1edafd43ee773ceb4bc35\"\u003e\u003ccode\u003e9f241ef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/102\"\u003e#102\u003c/a\u003e from micromatch/ISSUE-93_incorrect_extglob_expanding\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac3cb660ca76764627aa825676df59378dd60bcd\"\u003e\u003ccode\u003eac3cb66\u003c/code\u003e\u003c/a\u003e fix: support stars in negation extglobs with expression after closing parenth...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/719d348d8a01cf23c6c10568191c1ad5a3fc33e3\"\u003e\u003ccode\u003e719d348\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/85\"\u003e#85\u003c/a\u003e from XhmikosR/codeql\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/ac74e57b38a0d16de8e1752a62003e49c1622cec\"\u003e\u003ccode\u003eac74e57\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/91\"\u003e#91\u003c/a\u003e from XhmikosR/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.0...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccod...\n\n_Description has been truncated_","html_url":"https://github.com/hashim21223445/cypress/pull/178","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hashim21223445%2Fcypress/issues/178","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/178/packages"}},{"old_version":"5.0.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-21T15:37:14.000Z","version_change":"5.0.5 → 5.3.0","issue":{"uuid":"4303703864","node_id":"PR_kwDOPKnmcs7UWrQZ","number":195,"state":"open","title":"build(deps): bump the npm_and_yarn group across 4 directories with 19 updates","user":"dependabot[bot]","labels":["dependencies","javascript","caretaker:owned","claude-code"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T15:37:14.000Z","updated_at":"2026-04-22T08:32:05.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":19,"packages":[{"name":"express-rate-limit","old_version":"8.2.1","new_version":"8.3.2","repository_url":"https://github.com/express-rate-limit/express-rate-limit"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"path-to-regexp","old_version":"8.2.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"protobufjs","old_version":"7.5.3","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"undici","old_version":"7.16.0","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the /backend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `8.2.1` | `8.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.2.0` | `8.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.3` | `7.5.5` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [undici](https://github.com/nodejs/undici) | `7.16.0` | `7.25.0` |\n\nBumps the npm_and_yarn group with 1 update in the /embed directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 12 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [undici](https://github.com/nodejs/undici) | `6.21.3` | `6.25.0` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.2` | `removed` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /web directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\n\nUpdates `express-rate-limit` from 8.2.1 to 8.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/releases\"\u003eexpress-rate-limit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.3.2\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.1\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev8.3.0\u003c/h2\u003e\n\u003cp\u003eYou can view the changelog \u003ca href=\"https://express-rate-limit.mintlify.app/reference/changelog\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/c4dbb42c1b4891056545e30a9187a64c8bfeb8bc\"\u003e\u003ccode\u003ec4dbb42\u003c/code\u003e\u003c/a\u003e 8.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/8f1cc6639a430d6409e600c8e5434c1bc1e572bf\"\u003e\u003ccode\u003e8f1cc66\u003c/code\u003e\u003c/a\u003e v8.3.2 changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/601b87f5d171487ed035ccdfee17ec75f5b22f2d\"\u003e\u003ccode\u003e601b87f\u003c/code\u003e\u003c/a\u003e Fix skipFailedRequests for for connections that close very early (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/014c2f32708c0fdb5544834c3e77043e041ae38a\"\u003e\u003ccode\u003e014c2f3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 6 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/4e8b18bf972eff2890ed67bd11d8a08a2c6502d5\"\u003e\u003ccode\u003e4e8b18b\u003c/code\u003e\u003c/a\u003e Remove Zuplo sponsorship details from README (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/613\"\u003e#613\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/31dab192a3798984b89e78bfacf755f361f29660\"\u003e\u003ccode\u003e31dab19\u003c/code\u003e\u003c/a\u003e test: use numeric range for reset timestamp assertion (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/f82ad139611ed69c451f113913f0347ee78d19ec\"\u003e\u003ccode\u003ef82ad13\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development-dependencies group with 2 updates (\u003ca href=\"https://redirect.github.com/express-rate-limit/express-rate-limit/issues/609\"\u003e#609\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/fa0b0982049814870faf9d57b7588a0b9acd107f\"\u003e\u003ccode\u003efa0b098\u003c/code\u003e\u003c/a\u003e docs: fix broken link\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/47e5b2952fe697ac0a5f8a6aa86f050f6f2c0ce5\"\u003e\u003ccode\u003e47e5b29\u003c/code\u003e\u003c/a\u003e 8.3.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/commit/eb61179a49064c7e86f6f8688be742343b1f1b8e\"\u003e\u003ccode\u003eeb61179\u003c/code\u003e\u003c/a\u003e v8.3.1 changelog\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/express-rate-limit/express-rate-limit/compare/v8.2.1...v8.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for express-rate-limit since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.2.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.2.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.3 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-03-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump protobufjs dependency version for cli package (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2128\"\u003e#2128\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377\"\u003e549b05e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecorrect json syntax in tsconfig.json (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2120\"\u003e#2120\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687\"\u003e8065625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edescriptor:\u003c/strong\u003e guard oneof index for non-Type parents (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2122\"\u003e#2122\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728\"\u003e1cac5cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad\"\u003ef05e3c3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75\"\u003e535df44\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7\"\u003e53e8492\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 7.16.0 to 7.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.8...v7.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: backport 401 stream-backed body fix to v7.x by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/5006\"\u003enodejs/undici#5006\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.7...v7.24.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.7\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update broken links in file \u0026quot;Dispatcher.md\u0026quot; by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edoc: remove unused parameter \u003ccode\u003eredirectionLimitReached\u003c/code\u003e by \u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4933\"\u003enodejs/undici#4933\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip flaky macOS Node 20 cookie fetch cases by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4932\"\u003enodejs/undici#4932\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): align Response with DOM fetch types by \u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4867\"\u003enodejs/undici#4867\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(types): Fix clone method type declaration to be an instance method rather than instance property by \u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: skip IPv6 tests when IPv6 is not available by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4939\"\u003enodejs/undici#4939\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: correctly handle multi-value rawHeaders in fetch by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4938\"\u003enodejs/undici#4938\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eignore AGENTS.md by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4942\"\u003enodejs/undici#4942\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samuel871211\"\u003e\u003ccode\u003e@​samuel871211\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4924\"\u003enodejs/undici#4924\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mistval\"\u003e\u003ccode\u003e@​mistval\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4925\"\u003enodejs/undici#4925\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.6...v7.24.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.24.6\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(test): client wasm compatible with clang 22 by \u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(mock): improve error message when intercepts are exhausted by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4912\"\u003enodejs/undici#4912\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(websocket): support open diagnostics over h2 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4921\"\u003enodejs/undici#4921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: assume http/https scheme for scheme-less proxy env vars by \u003ca href=\"https://github.com/travisbreaks\"\u003e\u003ccode\u003e@​travisbreaks\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4914\"\u003enodejs/undici#4914\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(cache): check Authorization on request headers per RFC 9111 §3.5 by \u003ca href=\"https://github.com/metalix2\"\u003e\u003ccode\u003e@​metalix2\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4911\"\u003enodejs/undici#4911\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: wrap kConnector call in try/catch to prevent client hang by \u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify fetch and FormData pairing by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4922\"\u003enodejs/undici#4922\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support Connection header with connection-specific header names per RFC 7230 by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4775\"\u003enodejs/undici#4775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid prototype collisions in parseHeaders by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4923\"\u003enodejs/undici#4923\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump typescript from 5.9.3 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4926\"\u003enodejs/undici#4926\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: auto-init WPT submodule by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4930\"\u003enodejs/undici#4930\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rozzilla\"\u003e\u003ccode\u003e@​rozzilla\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4909\"\u003enodejs/undici#4909\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/veeceey\"\u003e\u003ccode\u003e@​veeceey\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/nodejs/undici/pull/4834\"\u003enodejs/undici#4834\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\"\u003ehttps://github.com/nodejs/undici/compare/v7.24.5...v7.24.6\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/12d9045923b7caebb1ae6975ef34c29dbcfd95d0\"\u003e\u003ccode\u003e12d9045\u003c/code\u003e\u003c/a\u003e Bumped v7.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5025\"\u003e#5025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/7a6f7febb30a30748a04f38c21e3641c77d21b0e\"\u003e\u003ccode\u003e7a6f7fe\u003c/code\u003e\u003c/a\u003e Bumped v7.24.8 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5020\"\u003e#5020\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1f85ae4b27ed6401e7ccc35eb546ad2e5976121f\"\u003e\u003ccode\u003e1f85ae4\u003c/code\u003e\u003c/a\u003e fix: avoid 401 failures for stream-backed request bodies (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4941\"\u003e#4941\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5006\"\u003e#5006\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c6610674dfad7c205ddf0f27831133973ad7894e\"\u003e\u003ccode\u003ec661067\u003c/code\u003e\u003c/a\u003e chore: update v7.x maintenance release flow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/84f23e2a19cd0f585579c4257d801e4ec2d65dbd\"\u003e\u003ccode\u003e84f23e2\u003c/code\u003e\u003c/a\u003e Bumped v7.24.7 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4947\"\u003e#4947\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a770b1033201984b9e8082a9bf955414bff5dc2e\"\u003e\u003ccode\u003ea770b10\u003c/code\u003e\u003c/a\u003e ignore AGENTS.md (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4942\"\u003e#4942\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/6acd19beaf67c1a2d07bcd38f40d0b751a81e7cc\"\u003e\u003ccode\u003e6acd19b\u003c/code\u003e\u003c/a\u003e fix: correctly handle multi-value rawHeaders in fetch (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4938\"\u003e#4938\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/1da1c747c7d6e01b93ab295e0efb86623f3c8e06\"\u003e\u003ccode\u003e1da1c74\u003c/code\u003e\u003c/a\u003e test: skip IPv6 tests when IPv6 is not available (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4939\"\u003e#4939\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/04cb77327f7ada95c2e5b67424cddcb22d7bf882\"\u003e\u003ccode\u003e04cb773\u003c/code\u003e\u003c/a\u003e fix(types): Fix clone method type declaration to be an instance method rather...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/5145a7c47080d1715b2723591def3a75b0c3ba63\"\u003e\u003ccode\u003e5145a7c\u003c/code\u003e\u003c/a\u003e fix(types): align Response with DOM fetch types (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4867\"\u003e#4867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v7.16.0...v7.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.21 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates ...\n\n_Description has been truncated_","html_url":"https://github.com/ianlintner/Example-React-AI-Chat-App/pull/195","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlintner%2FExample-React-AI-Chat-App/issues/195","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/195/packages"}},{"old_version":"5.2.2","new_version":"5.3.0","update_type":"minor","path":"/test/frontend-integration-test","pr_created_at":"2026-04-21T11:50:58.000Z","version_change":"5.2.2 → 5.3.0","issue":{"uuid":"4302375906","node_id":"PR_kwDOB-71UM7USVYk","number":13292,"state":"open","title":"chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 in /test/frontend-integration-test","user":"dependabot[bot]","labels":["lgtm","approved","size/XS","ok-to-test","dependencies","javascript"],"assignees":["jeffspahr"],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T11:50:58.000Z","updated_at":"2026-04-26T21:19:37.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"basic-ftp","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":"/test/frontend-integration-test","ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.2 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/kubeflow/pipelines/pull/13292","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/kubeflow%2Fpipelines/issues/13292","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13292/packages"}},{"old_version":"5.0.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-21T06:07:27.000Z","version_change":"5.0.5 → 5.3.0","issue":{"uuid":"4300632054","node_id":"PR_kwDOPKnmcs7UMqcC","number":189,"state":"open","title":"build(deps): bump the npm_and_yarn group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript","caretaker:owned"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-21T06:07:27.000Z","updated_at":"2026-04-22T05:56:17.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@xmldom/xmldom","old_version":"0.8.11","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"undici","old_version":"6.22.0","new_version":"6.25.0","repository_url":"https://github.com/nodejs/undici"},{"name":"node-forge","old_version":"1.3.2","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tar","old_version":"7.5.2","new_version":"7.5.13","repository_url":"https://github.com/isaacs/node-tar"},{"name":"yaml","old_version":"2.8.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 10 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.11` | `0.8.13` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [undici](https://github.com/nodejs/undici) | `6.22.0` | `6.25.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.4.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tar](https://github.com/isaacs/node-tar) | `7.5.2` | `7.5.13` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.1` | `2.8.3` |\n\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.11 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 6.22.0 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v6.22.0...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.2 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.2...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `socket.io-parser` from 4.2.4 to 4.2.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/socketio/socket.io/releases\"\u003esocket.io-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003esocket.io-parser@4.2.6\u003c/h2\u003e\n\u003cp\u003eThis release includes a fix for \u003ca href=\"https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9\"\u003eCVE-2026-33151\u003c/a\u003e. Please upgrade as soon as possible.\u003c/p\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd a limit to the number of binary attachments (\u003ca href=\"https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78\"\u003eb25738c\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003esocket.io-parser@4.2.5\u003c/h2\u003e\n\u003cp\u003eThis release contains a bump of \u003ccode\u003edebug\u003c/code\u003e from \u003ccode\u003e~4.3.1\u003c/code\u003e to \u003ccode\u003e~4.4.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/522edcdbb89da5eb647abb93c73229d1e91c304f\"\u003e\u003ccode\u003e522edcd\u003c/code\u003e\u003c/a\u003e chore(release): socket.io-parser@4.2.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/3fff7cafa98f1ba5840475b6917c651fe841a943\"\u003e\u003ccode\u003e3fff7ca\u003c/code\u003e\u003c/a\u003e fix(parser): add a limit to the number of binary attachments\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/37aad11417d1020cf51d27a0cf90fa367efd5dc1\"\u003e\u003ccode\u003e37aad11\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/ba9cd6900d0d84678623cd8e3a42165e922f3fbd\"\u003e\u003ccode\u003eba9cd69\u003c/code\u003e\u003c/a\u003e revert: fix: cleanup pending acks on timeout to prevent memory leak\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/84c2fb78217b6375b38e0b47e0d59d7b1b8431d7\"\u003e\u003ccode\u003e84c2fb7\u003c/code\u003e\u003c/a\u003e chore(release): engine.io@6.6.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/07cbe1510ded7e5460cb82e026e2533e50e30eaf\"\u003e\u003ccode\u003e07cbe15\u003c/code\u003e\u003c/a\u003e fix(eio): add \u003ccode\u003e@​types/ws\u003c/code\u003e as dependency (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5458\"\u003e#5458\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/44ed73f53995d35ef0c8d10df6806d5687238282\"\u003e\u003ccode\u003e44ed73f\u003c/code\u003e\u003c/a\u003e fix(eio): emit initial_headers and headers events in uServer (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5460\"\u003e#5460\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/da04267ffc7b0903ca91f2fccb80e56246d13328\"\u003e\u003ccode\u003eda04267\u003c/code\u003e\u003c/a\u003e fix: cleanup pending acks on timeout to prevent memory leak (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5442\"\u003e#5442\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/74599a6b9e3dbeff1a9efe46c305d5d25d6e3dd8\"\u003e\u003ccode\u003e74599a6\u003c/code\u003e\u003c/a\u003e fix(types): properly import http module\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/socketio/socket.io/commit/d48718cb675721fc1252775115592ebd1b255899\"\u003e\u003ccode\u003ed48718c\u003c/code\u003e\u003c/a\u003e ci: use actions/checkout@v6 and actions/setup-node@v6 (\u003ca href=\"https://redirect.github.com/socketio/socket.io/issues/5449\"\u003e#5449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/socketio/socket.io/compare/socket.io-parser@4.2.4...socket.io-parser@4.2.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for socket.io-parser since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.5.2 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.5.2...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.1 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930\"\u003e\u003ccode\u003e086fa6b\u003c/code\u003e\u003c/a\u003e 2.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752\"\u003e\u003ccode\u003e95f01e9\u003c/code\u003e\u003c/a\u003e chore: Add funding to package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.8.1...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ianlintner/Example-React-AI-Chat-App/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ianlintner/Example-React-AI-Chat-App/pull/189","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianlintner%2FExample-React-AI-Chat-App/issues/189","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/189/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-20T23:52:42.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4299370077","node_id":"PR_kwDODYkkLs7UIpif","number":5518,"state":"open","title":"build(deps): bump the npm_and_yarn group across 2 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-20T23:52:42.000Z","updated_at":"2026-04-20T23:55:18.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"protobufjs","old_version":"7.3.2","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"@hono/node-server","old_version":"1.19.10","new_version":"1.19.14","repository_url":"https://github.com/honojs/node-server"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"hono","old_version":"4.12.7","new_version":"4.12.14","repository_url":"https://github.com/honojs/hono"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"path-to-regexp","old_version":"8.3.0","new_version":"8.4.2","repository_url":"https://github.com/pillarjs/path-to-regexp"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 4 updates in the /infra/perfetto.dev directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [brace-expansion](https://github.com/juliangruber/brace-expansion), [dompurify](https://github.com/cure53/DOMPurify) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 9 updates in the /ui directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.3.2` | `7.5.5` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.10` | `1.19.14` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [hono](https://github.com/honojs/hono) | `4.12.7` | `4.12.14` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `8.3.0` | `8.4.2` |\n\n\nUpdates `protobufjs` from 6.11.4 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/v6.11.4...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dompurify` from 3.3.2 to 3.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/cure53/DOMPurify/releases\"\u003edompurify's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eDOMPurify 3.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eMost relevant changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a problem with \u003ccode\u003eFORBID_TAGS\u003c/code\u003e not winning over \u003ccode\u003eADD_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/kodareef5\"\u003e\u003ccode\u003e@​kodareef5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed several minor problems and typos regarding MathML attributes, thanks \u003ca href=\"https://github.com/DavidOliver\"\u003e\u003ccode\u003e@​DavidOliver\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eADD_ATTR\u003c/code\u003e/\u003ccode\u003eADD_TAGS\u003c/code\u003e function leaking into subsequent array-based calls, thanks \u003ca href=\"https://github.com/1Jesper1\"\u003e\u003ccode\u003e@​1Jesper1\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a missing \u003ccode\u003eSAFE_FOR_TEMPLATES\u003c/code\u003e scrub in \u003ccode\u003eRETURN_DOM\u003c/code\u003e path, thanks \u003ca href=\"https://github.com/bencalif\"\u003e\u003ccode\u003e@​bencalif\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a prototype pollution via \u003ccode\u003eCUSTOM_ELEMENT_HANDLING\u003c/code\u003e, thanks \u003ca href=\"https://github.com/trace37labs\"\u003e\u003ccode\u003e@​trace37labs\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_TAGS\u003c/code\u003e function form bypassing \u003ccode\u003eFORBID_TAGS\u003c/code\u003e, thanks \u003ca href=\"https://github.com/eddieran\"\u003e\u003ccode\u003e@​eddieran\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eADD_ATTR\u003c/code\u003e predicates skipping URI validation, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue with \u003ccode\u003eUSE_PROFILES\u003c/code\u003e prototype pollution, thanks \u003ca href=\"https://github.com/christos-eth\"\u003e\u003ccode\u003e@​christos-eth\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed an issue leading to possible mXSS via Re-Contextualization, thanks \u003ca href=\"https://github.com/researchatfluidattacks\"\u003e\u003ccode\u003e@​researchatfluidattacks\u003c/code\u003e\u003c/a\u003e and others\u003c/li\u003e\n\u003cli\u003eFixed an issue with closing tags leading to possible mXSS, thanks \u003ca href=\"https://github.com/frevadiscor\"\u003e\u003ccode\u003e@​frevadiscor\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a problem with the type dentition patcher after Node version bump\u003c/li\u003e\n\u003cli\u003eFixed freezing BS runs by reducing the tested browsers array\u003c/li\u003e\n\u003cli\u003eBumped several dependencies where possible\u003c/li\u003e\n\u003cli\u003eAdded needed files for OpenSSF scorecard checks\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePublished Advisories are here:\u003c/strong\u003e\n\u003ca href=\"https://github.com/cure53/DOMPurify/security/advisories?state=published\"\u003ehttps://github.com/cure53/DOMPurify/security/advisories?state=published\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDOMPurify 3.3.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an engine requirement for Node 20 which caused hiccups, thanks \u003ca href=\"https://github.com/Rotzbua\"\u003e\u003ccode\u003e@​Rotzbua\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9\"\u003e\u003ccode\u003e5b16e0b\u003c/code\u003e\u003c/a\u003e Getting 3.x branch ready for 3.4.0 release (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1250\"\u003e#1250\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/8bcbf73ae7eb56e7b4f1300b66cf543342c7ee27\"\u003e\u003ccode\u003e8bcbf73\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.3 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/5faddd60af7b4d612f32a0c6b44432b77c8c490c\"\u003e\u003ccode\u003e5faddd6\u003c/code\u003e\u003c/a\u003e fix: engine requirement (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/0f91e3add5c028bc4110c513b0c2571b284c35af\"\u003e\u003ccode\u003e0f91e3a\u003c/code\u003e\u003c/a\u003e Update README.md\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/d5ff1a8c605df1df998c2e7df2c4c8ac762b0dea\"\u003e\u003ccode\u003ed5ff1a8\u003c/code\u003e\u003c/a\u003e Merge branch 'main' of github.com:cure53/DOMPurify\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/c3efd489010366e755de9d65fd741888fd8b7462\"\u003e\u003ccode\u003ec3efd48\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/988b888108c8df911ef37e68d0e26c85ad90e885\"\u003e\u003ccode\u003e988b888\u003c/code\u003e\u003c/a\u003e fix: moved back from jsdom 28 to jsdom 20\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/2726c74e9c6a0645127d1630e5ca49f64bc9fe67\"\u003e\u003ccode\u003e2726c74\u003c/code\u003e\u003c/a\u003e chore: Preparing 3.3.2 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/6202c7e43e9df01ba606396aed60fbae5583f7a1\"\u003e\u003ccode\u003e6202c7e\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​tootallnate/once\u003c/code\u003e and jsdom (\u003ca href=\"https://redirect.github.com/cure53/DOMPurify/issues/1204\"\u003e#1204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cure53/DOMPurify/commit/302b51de22535cc90235472c52e3401bedd46f80\"\u003e\u003ccode\u003e302b51d\u003c/code\u003e\u003c/a\u003e fix: Expanded the regex ever so slightly to also cover script\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.3.2 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/v6.11.4...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.2...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.4\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ehttps://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334\"\u003e\u003ccode\u003ee5474fc\u003c/code\u003e\u003c/a\u003e Publish 4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903\"\u003e\u003ccode\u003e4516eb5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d\"\u003e\u003ccode\u003e5eceecd\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238\"\u003e\u003ccode\u003e0db7dd7\u003c/code\u003e\u003c/a\u003e Run benchmark again against latest minimatch version (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/161\"\u003e#161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a\"\u003e\u003ccode\u003e9500377\u003c/code\u003e\u003c/a\u003e docs: clarify what brace expansion syntax is and isn't supported (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/134\"\u003e#134\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171\"\u003e\u003ccode\u003e2661f23\u003c/code\u003e\u003c/a\u003e fix typo in globstars.js test name (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/138\"\u003e#138\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7\"\u003e\u003ccode\u003e1798b07\u003c/code\u003e\u003c/a\u003e docs: fix \u003ccode\u003emakeRe\u003c/code\u003e example (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8\"\u003e\u003ccode\u003e9d76bc5\u003c/code\u003e\u003c/a\u003e chore: undocument removed options (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/146\"\u003e#146\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d\"\u003e\u003ccode\u003ee4d718b\u003c/code\u003e\u003c/a\u003e Remove unused time-require (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76\"\u003e\u003ccode\u003e38dffeb\u003c/code\u003e\u003c/a\u003e chore(deps): pin dependencies (\u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@hono/node-server` from 1.19.10 to 1.19.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/node-server/releases\"\u003e\u003ccode\u003e@​hono/node-server\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.19.14\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add custom inspect to lightweight Request/Response to prevent TypeError on console.log by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/340\"\u003ehonojs/node-server#340\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.13...v1.19.14\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.13\u003c/h2\u003e\n\u003ch2\u003eSecurity Fix\u003c/h2\u003e\n\u003cp\u003eFixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (\u003ccode\u003e//\u003c/code\u003e) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.\u003c/p\u003e\n\u003cp\u003eSee GHSA-92pp-h63x-v22m for details.\u003c/p\u003e\n\u003ch2\u003ev1.19.12\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: ignore claude setting by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/314\"\u003ehonojs/node-server#314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: request draining for early 413 responses by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/329\"\u003ehonojs/node-server#329\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.11...v1.19.12\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.19.11\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not overwrite Content-Length in the fast path pattern if Content-Length already exists. by \u003ca href=\"https://github.com/usualoma\"\u003e\u003ccode\u003e@​usualoma\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/node-server/pull/309\"\u003ehonojs/node-server#309\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\"\u003ehttps://github.com/honojs/node-server/compare/v1.19.10...v1.19.11\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/b5e63a366d9b0ef62ac65fcafd7f69b383b03ff5\"\u003e\u003ccode\u003eb5e63a3\u003c/code\u003e\u003c/a\u003e 1.19.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c02d7770a2d29ea473403211bef0a60639885a28\"\u003e\u003ccode\u003ec02d777\u003c/code\u003e\u003c/a\u003e fix: add custom inspect to lightweight Request/Response to prevent TypeError ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90\"\u003e\u003ccode\u003efd64e65\u003c/code\u003e\u003c/a\u003e 1.19.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2\"\u003e\u003ccode\u003e025c30f\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9\"\u003e\u003ccode\u003e6cdb5a7\u003c/code\u003e\u003c/a\u003e 1.19.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94\"\u003e\u003ccode\u003e70250f7\u003c/code\u003e\u003c/a\u003e fix: request draining for early 413 responses (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/329\"\u003e#329\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb\"\u003e\u003ccode\u003ecfc08b3\u003c/code\u003e\u003c/a\u003e chore: ignore claude setting (\u003ca href=\"https://redirect.github.com/honojs/node-server/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b\"\u003e\u003ccode\u003eecd4d6b\u003c/code\u003e\u003c/a\u003e 1.19.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111\"\u003e\u003ccode\u003ec944899\u003c/code\u003e\u003c/a\u003e fix: do not overwrite Content-Length in the fast path pattern if Content-Leng...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/honojs/node-server/compare/v1.19.10...v1.19.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hono` from 4.12.7 to 4.12.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/honojs/hono/releases\"\u003ehono's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.12.14\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eImproper handling of JSX attribute names in hono/jsx SSR\u003c/h3\u003e\n\u003cp\u003eAffects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375\u003c/p\u003e\n\u003ch2\u003eOther changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)  fa2c74fe\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.12.13\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(types): infer response type from last handler in app.on 9-/10-handler overloads by \u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4862\"\u003ehonojs/hono#4862\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option by \u003ca href=\"https://github.com/yusukebe\"\u003e\u003ccode\u003e@​yusukebe\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4876\"\u003ehonojs/hono#4876\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/T4ko0522\"\u003e\u003ccode\u003e@​T4ko0522\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/honojs/hono/pull/4865\"\u003ehonojs/hono#4865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.12...v4.12.13\"\u003ehttps://github.com/honojs/hono/compare/v4.12.12...v4.12.13\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.12.12\u003c/h2\u003e\n\u003ch2\u003eSecurity fixes\u003c/h2\u003e\n\u003cp\u003eThis release includes fixes for the following security issues:\u003c/p\u003e\n\u003ch3\u003eMiddleware bypass via repeated slashes in serveStatic\u003c/h3\u003e\n\u003cp\u003eAffects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (\u003ccode\u003e//\u003c/code\u003e) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c\u003c/p\u003e\n\u003ch3\u003ePath traversal in toSSG() allows writing files outside the output directory\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003etoSSG()\u003c/code\u003e for Static Site Generation. Fixes a path traversal issue where crafted \u003ccode\u003essgParams\u003c/code\u003e values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx\u003c/p\u003e\n\u003ch3\u003eIncorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses\u003c/h3\u003e\n\u003cp\u003eAffects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. \u003ccode\u003e::ffff:127.0.0.1\u003c/code\u003e) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g\u003c/p\u003e\n\u003ch3\u003eMissing validation of cookie name on write path in setCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003esetCookie()\u003c/code\u003e, \u003ccode\u003eserialize()\u003c/code\u003e, and \u003ccode\u003eserializeSigned()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm\u003c/p\u003e\n\u003ch3\u003eNon-breaking space prefix bypass in cookie name handling in getCookie()\u003c/h3\u003e\n\u003cp\u003eAffects: \u003ccode\u003egetCookie()\u003c/code\u003e from \u003ccode\u003ehono/cookie\u003c/code\u003e. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4\u003c/p\u003e\n\u003chr /\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba\"\u003e\u003ccode\u003ecf2d2b7\u003c/code\u003e\u003c/a\u003e 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee\"\u003e\u003ccode\u003e66daa2e\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e\"\u003e\u003ccode\u003efa2c74f\u003c/code\u003e\u003c/a\u003e fix(aws-lambda): handle invalid header names in request processing (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4883\"\u003e#4883\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779\"\u003e\u003ccode\u003e3779927\u003c/code\u003e\u003c/a\u003e 4.12.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720\"\u003e\u003ccode\u003efaa6c46\u003c/code\u003e\u003c/a\u003e feat(cache): add \u003ccode\u003eonCacheNotAvailable\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4876\"\u003e#4876\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d\"\u003e\u003ccode\u003ef23e97b\u003c/code\u003e\u003c/a\u003e feat(trailing-slash): add \u003ccode\u003eskip\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/honojs/hono/issues/4862\"\u003e#4862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb\"\u003e\u003ccode\u003e1aa32fb\u003c/code\u003e\u003c/a\u003e fix(types): infer response type from last handler in app.on 9- and 10-handler...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d\"\u003e\u003ccode\u003ec37ba26\u003c/code\u003e\u003c/a\u003e 4.12.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0\"\u003e\u003ccode\u003ecc067c8\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec\"\u003e\u003ccode\u003ea586cd7\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/honojs/hono/compare/v4.12.7...v4.12.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 8.3.0 to 8.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.4.2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eError on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)  9a78879\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003ePerformance\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMinimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)  937c02d\u003c/li\u003e\n\u003cli\u003eImprove compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)  57247e6\n\u003cul\u003e\n\u003cli\u003eShould improve compilation performance by ~25%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRemove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)  5844988\n\u003cul\u003e\n\u003cli\u003eShould improve parse performance by ~20%\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBundle size\u003c/strong\u003e to 1.93 kB, from 1.97 kB.\u003c/p\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.1...v8.4.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRemove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)  6bc8e84\n\u003cul\u003e\n\u003cli\u003eUsing a trie required non-greedy matching, which regressed wildcards in non-ending mode by matching them up until the first match. For example:\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e/*foo\u003c/code\u003e with \u003ccode\u003e/a/b\u003c/code\u003e = \u003ccode\u003e/a\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e/*foo.html\u003c/code\u003ewith \u003ccode\u003e/a/b.html/c.html\u003c/code\u003e = \u003ccode\u003e/a/b.html\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eAllow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)  5bcd30b\n\u003cul\u003e\n\u003cli\u003eWhen backtracking was introduced, it rejected matching things like \u003ccode\u003e/:\u0026quot;a\u0026quot;_:\u0026quot;b\u0026quot;\u003c/code\u003e against \u003ccode\u003e/foo__\u003c/code\u003e. This makes intuitive sense because the second parameter is not going to backtrack on \u003ccode\u003e_\u003c/code\u003e anymore, but it's somewhat unexpected since there's no reason it shouldn't match the second \u003ccode\u003e_\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v8.4.0...v8.4.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eImportant\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4926\"\u003eCVE-2026-4926\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f\"\u003eGHSA-j3q9-mxjg-w52f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4923\"\u003eCVE-2026-4923\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-27v5-c462-wpq7\"\u003eGHSA-27v5-c462-wpq7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFixed\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRestricts wildcard backtracking when using more than 1 in a path (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/421\"\u003epillarjs/path-to-regexp#421\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eChanged\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eDedupes regex prefixes (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/422\"\u003epillarjs/path-to-regexp#422\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eThis will result in shorter regular expressions for some cases using optional groups\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eRejects large optional route combinations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/pull/424\"\u003epillarjs/path-to-regexp#424\u003c/a\u003e)\n\u003cul\u003e\n\u003cli\u003eWhen using groups such as \u003ccode\u003e/users{/delete}\u003c/code\u003e it will restrict the number of generated combinations to \u0026lt; 256, equivalent to 8 top-level optional groups and unlikely to occur in a real world application, but avoids exploding the regex size for applications that accept user created routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/cbf30259e6d34d6135f9e7dbaa3371e7188f9936\"\u003e\u003ccode\u003ecbf3025\u003c/code\u003e\u003c/a\u003e 8.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/937c02df571aef02832610100859efab21995320\"\u003e\u003ccode\u003e937c02d\u003c/code\u003e\u003c/a\u003e Minimize array allocations (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/437\"\u003e#437\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/57247e63fd061aa17b9f75c87712c680b223ee04\"\u003e\u003ccode\u003e57247e6\u003c/code\u003e\u003c/a\u003e Improve compile performance (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/436\"\u003e#436\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/58449883539022c9ac36ea3e9abb0fc7b9d84223\"\u003e\u003ccode\u003e5844988\u003c/code\u003e\u003c/a\u003e Remove internal tokenization during parse (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/435\"\u003e#435\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9a788793e7eeb0ccf9c53c1cb54d297b5badfcc3\"\u003e\u003ccode\u003e9a78879\u003c/code\u003e\u003c/a\u003e Error on trailing backslash (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/434\"\u003e#434\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7f058760ae0867fdd75e5ed07d7096f782c1f752\"\u003e\u003ccode\u003e7f05876\u003c/code\u003e\u003c/a\u003e 8.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/6bc8e84677caa52de6db7b2b17a6729ec155b070\"\u003e\u003ccode\u003e6bc8e84\u003c/code\u003e\u003c/a\u003e Remove trie deduplication (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/431\"\u003e#431\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/5bcd30b790fecfd4798521af28a57214996c4139\"\u003e\u003ccode\u003e5bcd30b\u003c/code\u003e\u003c/a\u003e Allow backtrack handling to match itself (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/427\"\u003e#427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9f9c6c501f6d015db3df224d2479475d59cac0a5\"\u003e\u003ccode\u003e9f9c6c5\u003c/code\u003e\u003c/a\u003e Add parsing to benchmarks (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd31e0cde4f35b5f15f1676eabe3484618038ad\"\u003e\u003ccode\u003e9fd31e0\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etrailing: false\u003c/code\u003e tests (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/428\"\u003e#428\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v8.3.0...v8.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/google/perfetto/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/google/perfetto/pull/5518","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fperfetto/issues/5518","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5518/packages"}},{"old_version":"5.2.2","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-20T00:45:12.000Z","version_change":"5.2.2 → 5.3.0","issue":{"uuid":"4292472226","node_id":"PR_kwDOCY9Qkc7TyTwx","number":1041,"state":"closed","title":"Bump the npm-dependencies group with 18 updates","user":"dependabot[bot]","labels":["dependencies","javascript","minor"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T14:58:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T00:45:12.000Z","updated_at":"2026-04-20T14:59:09.000Z","time_to_close":51227,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm-dependencies","update_count":18,"packages":[{"name":"i18next","old_version":"26.0.4","new_version":"26.0.6","repository_url":"https://github.com/i18next/i18next"},{"name":"puppeteer-core","old_version":"24.40.0","new_version":"24.41.0","repository_url":"https://github.com/puppeteer/puppeteer"},{"name":"webpack","old_version":"5.106.1","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"},{"name":"@csstools/css-syntax-patches-for-csstree","old_version":"1.1.2","new_version":"1.1.3","repository_url":"https://github.com/csstools/postcss-plugins"},{"name":"@emnapi/core","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/toyobayashi/emnapi"},{"name":"@emnapi/runtime","old_version":"1.9.2","new_version":"1.10.0","repository_url":"https://github.com/toyobayashi/emnapi"},{"name":"@istanbuljs/schema","old_version":"0.1.3","new_version":"0.1.6","repository_url":"https://github.com/istanbuljs/schema"},{"name":"bare-fs","old_version":"4.7.0","new_version":"4.7.1","repository_url":"https://github.com/holepunchto/bare-fs"},{"name":"bare-url","old_version":"2.4.0","new_version":"2.4.1","repository_url":"https://github.com/holepunchto/bare-url"},{"name":"baseline-browser-mapping","old_version":"2.10.18","new_version":"2.10.20","repository_url":"https://github.com/web-platform-dx/baseline-browser-mapping"},{"name":"basic-ftp","old_version":"5.2.2","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"caniuse-lite","old_version":"1.0.30001787","new_version":"1.0.30001788","repository_url":"https://github.com/browserslist/caniuse-lite"},{"name":"electron-to-chromium","old_version":"1.5.335","new_version":"1.5.340","repository_url":"https://github.com/Kilian/electron-to-chromium"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"hasown","old_version":"2.0.2","new_version":"2.0.3","repository_url":"https://github.com/inspect-js/hasOwn"},{"name":"postcss","old_version":"8.5.9","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"puppeteer","old_version":"24.40.0","new_version":"24.41.0","repository_url":"https://github.com/puppeteer/puppeteer"},{"name":"undici","old_version":"7.24.8","new_version":"7.25.0","repository_url":"https://github.com/nodejs/undici"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm-dependencies group with 18 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [i18next](https://github.com/i18next/i18next) | `26.0.4` | `26.0.6` |\n| [puppeteer-core](https://github.com/puppeteer/puppeteer) | `24.40.0` | `24.41.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.106.1` | `5.106.2` |\n| [@csstools/css-syntax-patches-for-csstree](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-syntax-patches-for-csstree) | `1.1.2` | `1.1.3` |\n| [@emnapi/core](https://github.com/toyobayashi/emnapi) | `1.9.2` | `1.10.0` |\n| [@emnapi/runtime](https://github.com/toyobayashi/emnapi) | `1.9.2` | `1.10.0` |\n| [@istanbuljs/schema](https://github.com/istanbuljs/schema) | `0.1.3` | `0.1.6` |\n| [bare-fs](https://github.com/holepunchto/bare-fs) | `4.7.0` | `4.7.1` |\n| [bare-url](https://github.com/holepunchto/bare-url) | `2.4.0` | `2.4.1` |\n| [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.18` | `2.10.20` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.2` | `5.3.0` |\n| [caniuse-lite](https://github.com/browserslist/caniuse-lite) | `1.0.30001787` | `1.0.30001788` |\n| [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.335` | `1.5.340` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [hasown](https://github.com/inspect-js/hasOwn) | `2.0.2` | `2.0.3` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.9` | `8.5.10` |\n| [puppeteer](https://github.com/puppeteer/puppeteer) | `24.40.0` | `24.41.0` |\n| [undici](https://github.com/nodejs/undici) | `7.24.8` | `7.25.0` |\n\nUpdates `i18next` from 26.0.4 to 26.0.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next/releases\"\u003ei18next's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev26.0.6\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit. GHSA advisory filed after release.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: warn when a translation string combines \u003ccode\u003eescapeValue: false\u003c/code\u003e with interpolated variables inside a \u003ccode\u003e$t(key, { ... \u0026quot;{{var}}\u0026quot; ... })\u003c/code\u003e nesting-options block. In that narrow combination, attacker-controlled string values containing \u003ccode\u003e\u0026quot;\u003c/code\u003e can break out of the JSON options literal and inject additional nesting options (e.g. redirect \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e). The default \u003ccode\u003eescapeValue: true\u003c/code\u003e configuration is unaffected because HTML-escaping neutralises the quote before \u003ccode\u003eJSON.parse\u003c/code\u003e. See the security docs for mitigation guidance (GHSA-TBD)\u003c/li\u003e\n\u003cli\u003esecurity: apply \u003ccode\u003eregexEscape\u003c/code\u003e to \u003ccode\u003eunescapePrefix\u003c/code\u003e / \u003ccode\u003eunescapeSuffix\u003c/code\u003e on par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the \u003ccode\u003e{{- var}}\u003c/code\u003e syntax when the delimiter contains characters like \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e.\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003esecurity: strip CR/LF/NUL and other C0/C1 control characters from string log arguments to prevent log forging via user-controlled translation keys, language codes, namespaces, or interpolation variable names (CWE-117)\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev26.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language state when the target language is not yet loaded — a race between \u003ccode\u003einit()\u003c/code\u003e's deferred \u003ccode\u003eload()\u003c/code\u003e and the user's \u003ccode\u003echangeLanguage()\u003c/code\u003e could overwrite \u003ccode\u003eisLanguageChangingTo\u003c/code\u003e, causing \u003ccode\u003esetLngProps\u003c/code\u003e to be skipped \u003ca href=\"https://redirect.github.com/i18next/i18next/issues/2422\"\u003e2422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/i18next/i18next/blob/master/CHANGELOG.md\"\u003ei18next's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e26.0.6\u003c/h2\u003e\n\u003cp\u003eSecurity release — all issues found via an internal audit.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity: warn when a translation string combines \u003ccode\u003eescapeValue: false\u003c/code\u003e with interpolated variables inside a \u003ccode\u003e$t(key, { ... \u0026quot;{{var}}\u0026quot; ... })\u003c/code\u003e nesting-options block. In that narrow combination, attacker-controlled string values containing \u003ccode\u003e\u0026quot;\u003c/code\u003e can break out of the JSON options literal and inject additional nesting options (e.g. redirect \u003ccode\u003elng\u003c/code\u003e/\u003ccode\u003ens\u003c/code\u003e). The default \u003ccode\u003eescapeValue: true\u003c/code\u003e configuration is unaffected because HTML-escaping neutralises the quote before \u003ccode\u003eJSON.parse\u003c/code\u003e. See the \u003ca href=\"https://www.i18next.com/translation-function/nesting#security-note-interpolated-values-inside-a-nesting-options-block\"\u003esecurity note in the Nesting docs\u003c/a\u003e for the full pattern and mitigations\u003c/li\u003e\n\u003cli\u003esecurity: apply \u003ccode\u003eregexEscape\u003c/code\u003e to \u003ccode\u003eunescapePrefix\u003c/code\u003e / \u003ccode\u003eunescapeSuffix\u003c/code\u003e on par with the other interpolation delimiters. Prevents ReDoS (catastrophic-backtracking) when a misconfigured delimiter contains regex metacharacters, and fixes silent breakage of the \u003ccode\u003e{{- var}}\u003c/code\u003e syntax when the delimiter contains characters like \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e.\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003esecurity: strip CR/LF/NUL and other C0/C1 control characters from string log arguments to prevent log forging via user-controlled translation keys, language codes, namespaces, or interpolation variable names (CWE-117)\u003c/li\u003e\n\u003cli\u003echore: ignore \u003ccode\u003e.env*\u003c/code\u003e and \u003ccode\u003e*.pem\u003c/code\u003e/\u003ccode\u003e*.key\u003c/code\u003e files in \u003ccode\u003e.gitignore\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e26.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language state when the target language is not yet loaded — a race between \u003ccode\u003einit()\u003c/code\u003e's deferred \u003ccode\u003eload()\u003c/code\u003e and the user's \u003ccode\u003echangeLanguage()\u003c/code\u003e could overwrite \u003ccode\u003eisLanguageChangingTo\u003c/code\u003e, causing \u003ccode\u003esetLngProps\u003c/code\u003e to be skipped \u003ca href=\"https://redirect.github.com/i18next/i18next/issues/2422\"\u003e2422\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/9d0ed9f98ee0386f923175f3638e2df103143dde\"\u003e\u003ccode\u003e9d0ed9f\u003c/code\u003e\u003c/a\u003e 26.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/8c825644373b4faaeedd2587b9080283d2fcf5ce\"\u003e\u003ccode\u003e8c82564\u003c/code\u003e\u003c/a\u003e security: hardening for 26.0.6 — nesting-options warning, regexEscape unescap...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/0cb018c363d9b64790248d2712ac57258a9708bb\"\u003e\u003ccode\u003e0cb018c\u003c/code\u003e\u003c/a\u003e chore: bump devDependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/ab4633fee059432fc2a0a11a00741eac51313a7e\"\u003e\u003ccode\u003eab4633f\u003c/code\u003e\u003c/a\u003e 26.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/i18next/i18next/commit/bae3b8bca9e060311fa039f31415b9eccd66a1e4\"\u003e\u003ccode\u003ebae3b8b\u003c/code\u003e\u003c/a\u003e fix: \u003ccode\u003ecloneInstance().changeLanguage()\u003c/code\u003e no longer fails to update language st...\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/i18next/i18next/compare/v26.0.4...v26.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puppeteer-core` from 24.40.0 to 24.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/releases\"\u003epuppeteer-core's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epuppeteer-core: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/blob/main/CHANGELOG.md\"\u003epuppeteer-core's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-v24.40.0...puppeteer-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\n\u003cul\u003e\n\u003cli\u003edependencies\n\u003cul\u003e\n\u003cli\u003epuppeteer-core bumped from 24.40.0 to 24.41.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2d05dfcfa321f7e6289e4658cd6f0cced3d62fe2\"\u003e\u003ccode\u003e2d05dfc\u003c/code\u003e\u003c/a\u003e fix: bump node to 24 to avoid publishing bugs with npm (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14868\"\u003e#14868\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/20402bc0f9a7daeee2afc6a9859a55ff9bf0e391\"\u003e\u003ccode\u003e20402bc\u003c/code\u003e\u003c/a\u003e chore: release main (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14866\"\u003e#14866\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e\u003ccode\u003e080379b\u003c/code\u003e\u003c/a\u003e docs: update extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/1f9dc746565c818d59fff9e84c3c795ddd2ec32d\"\u003e\u003ccode\u003e1f9dc74\u003c/code\u003e\u003c/a\u003e chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /website (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14865\"\u003e#14865\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/4655500ac52c67c782a956ea66270dfcf5a38d91\"\u003e\u003ccode\u003e4655500\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the dev-dependencies group with 8 updates (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14855\"\u003e#14855\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d5029415e2c3d83ed340cf29733662e9f0b58434\"\u003e\u003ccode\u003ed502941\u003c/code\u003e\u003c/a\u003e test: fix extension test flakiness (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14864\"\u003e#14864\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003e\u003ccode\u003ee484a91\u003c/code\u003e\u003c/a\u003e fix: make \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003e\u003ccode\u003ec14f4ae\u003c/code\u003e\u003c/a\u003e feat: adds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/5097b97d07eb0e3c68d99fce80efe899084a313d\"\u003e\u003ccode\u003e5097b97\u003c/code\u003e\u003c/a\u003e test: fix flaky extension test (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14853\"\u003e#14853\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e\u003ccode\u003e8f95117\u003c/code\u003e\u003c/a\u003e feat(webmcp): add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.106.1 to 5.106.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.106.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e now inherits the parent module's exportType, so a file configured as \u0026quot;text\u0026quot; correctly creates a style tag when \u003ca href=\"https://github.com/imported\"\u003e\u003ccode\u003e@​imported\u003c/code\u003e\u003c/a\u003e by a \u0026quot;style\u0026quot; parent. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20838\"\u003e#20838\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator \u003ccode\u003eexportsOnly\u003c/code\u003e, JsonGenerator \u003ccode\u003eJSONParse\u003c/code\u003e, WebAssemblyGenerator \u003ccode\u003emangleImports\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e||\u003c/code\u003e default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. \u003ccode\u003emodules: false\u003c/code\u003e, \u003ccode\u003eentries: false\u003c/code\u003e, \u003ccode\u003eentrypoints: false\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20823\"\u003e#20823\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMigrate from \u003ccode\u003emime-types\u003c/code\u003e to \u003ccode\u003emime-db\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20812\"\u003e#20812\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20831\"\u003e#20831\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMarked all experimental options in types. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20814\"\u003e#20814\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.106.2\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eCSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e now inherits the parent module's exportType, so a file configured as \u0026quot;text\u0026quot; correctly creates a style tag when \u003ca href=\"https://github.com/imported\"\u003e\u003ccode\u003e@​imported\u003c/code\u003e\u003c/a\u003e by a \u0026quot;style\u0026quot; parent. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20838\"\u003e#20838\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20801\"\u003e#20801\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eInclude missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator \u003ccode\u003eexportsOnly\u003c/code\u003e, JsonGenerator \u003ccode\u003eJSONParse\u003c/code\u003e, WebAssemblyGenerator \u003ccode\u003emangleImports\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20821\"\u003e#20821\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e||\u003c/code\u003e default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. \u003ccode\u003emodules: false\u003c/code\u003e, \u003ccode\u003eentries: false\u003c/code\u003e, \u003ccode\u003eentrypoints: false\u003c/code\u003e). (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20823\"\u003e#20823\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMigrate from \u003ccode\u003emime-types\u003c/code\u003e to \u003ccode\u003emime-db\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20812\"\u003e#20812\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHandle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20831\"\u003e#20831\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMarked all experimental options in types. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20814\"\u003e#20814\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0d7e3e0153f0696311a590f90620506e8ab166ac\"\u003e\u003ccode\u003e0d7e3e0\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20815\"\u003e#20815\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/d5df118cd230458cde9265704f796c8fefd016d4\"\u003e\u003ccode\u003ed5df118\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/cache in the dependencies group (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20839\"\u003e#20839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5f0874bbced3a35efe603547f735ea28337cda60\"\u003e\u003ccode\u003e5f0874b\u003c/code\u003e\u003c/a\u003e fix: make asset modules available in JS when referenced from CSS and lazy JS ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b63ab37e5e867197da736620359f6597b1fbc44a\"\u003e\u003ccode\u003eb63ab37\u003c/code\u003e\u003c/a\u003e chore(deps): bump test/test262-cases in the dependencies group (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20792\"\u003e#20792\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/313dfc596774ba7a5436b4f1012006e1df4ccc20\"\u003e\u003ccode\u003e313dfc5\u003c/code\u003e\u003c/a\u003e ci: improve time for windows (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20840\"\u003e#20840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/a553f61be33ec8ca8dd7536de0808152962f5bae\"\u003e\u003ccode\u003ea553f61\u003c/code\u003e\u003c/a\u003e test: update test262 (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20841\"\u003e#20841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/1ef747cb0a3750c76a55ba4d61b09bf5576e3dd5\"\u003e\u003ccode\u003e1ef747c\u003c/code\u003e\u003c/a\u003e fix: CSS \u003ca href=\"https://github.com/import\"\u003e\u003ccode\u003e@​import\u003c/code\u003e\u003c/a\u003e should inherit parent's exportType over parser config (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20838\"\u003e#20838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/485d4cecb06adb232d7c9292665a009a0447dd00\"\u003e\u003ccode\u003e485d4ce\u003c/code\u003e\u003c/a\u003e chore(deps): update \u003ccode\u003eopen-cli\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20834\"\u003e#20834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/46042b91960ad453c91892bb5571013ce312fda9\"\u003e\u003ccode\u003e46042b9\u003c/code\u003e\u003c/a\u003e chore(deps): no outdated strip-ansi (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20835\"\u003e#20835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/8c7700bb3d2bfdf7d45903fc8e178e3cb16f46d1\"\u003e\u003ccode\u003e8c7700b\u003c/code\u003e\u003c/a\u003e fix: handle \u003ccode\u003e@charset\u003c/code\u003e at-rules in CSS modules\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.106.1...v5.106.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@csstools/css-syntax-patches-for-csstree` from 1.1.2 to 1.1.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/csstools/postcss-plugins/blob/main/packages/css-syntax-patches-for-csstree/CHANGELOG.md\"\u003e\u003ccode\u003e@​csstools/css-syntax-patches-for-csstree\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e1.1.3\u003c/h3\u003e\n\u003cp\u003e\u003cem\u003eApril 12, 2026\u003c/em\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@webref/css\u003c/code\u003e to \u003ca href=\"https://github.com/w3c/webref/releases/tag/%40webref%2Fcss%408.5.3\"\u003e\u003ccode\u003ev8.5.3\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-syntax-patches-for-csstree\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@emnapi/core` from 1.9.2 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/toyobayashi/emnapi/releases\"\u003e\u003ccode\u003e@​emnapi/core\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: early update wasm memory for views (\u003ca href=\"https://github.com/hardfist/emnapi-shared-memory-grow-repro\"\u003ehttps://github.com/hardfist/emnapi-shared-memory-grow-repro\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory\u003c/li\u003e\n\u003cli\u003efix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003efix: coalesce tsfn (js version) send message\u003c/li\u003e\n\u003cli\u003eci: restructure CI workflows\u003c/li\u003e\n\u003cli\u003eci: prebuilt liraries using llvm 22\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/hardfist\"\u003e\u003ccode\u003e@​hardfist\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ehttps://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/ba84999164c8d9ee10e57f72bb6fa5fa0b192b54\"\u003e\u003ccode\u003eba84999\u003c/code\u003e\u003c/a\u003e 1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71b77fb184a0dcab2c7a726e2f9c9cbb0c7f9257\"\u003e\u003ccode\u003e71b77fb\u003c/code\u003e\u003c/a\u003e fix: free queue node and set async_pending flag before finalize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b0cc8cc3453deba82eb67947673c932b0ff7c192\"\u003e\u003ccode\u003eb0cc8cc\u003c/code\u003e\u003c/a\u003e fix: tsfn use after free\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/e2ba93140776624e4f718f030474c3b3992d6dcd\"\u003e\u003ccode\u003ee2ba931\u003c/code\u003e\u003c/a\u003e ci: llvm 22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b02054aef5e6c84f6d0721e78c5733aef8fc2ca1\"\u003e\u003ccode\u003eb02054a\u003c/code\u003e\u003c/a\u003e fix: coalesce tsfn send message (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71cd534275e3e35b78efacfdffffc013b696173f\"\u003e\u003ccode\u003e71cd534\u003c/code\u003e\u003c/a\u003e test: fix async_progress_worker test (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/c81c1fbde97ce05cb1806e8ecfc59a50323bb17d\"\u003e\u003ccode\u003ec81c1fb\u003c/code\u003e\u003c/a\u003e ci: restructure CI workflows (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/19b27bb008cc0b1343e2ebc0becfdeca26881640\"\u003e\u003ccode\u003e19b27bb\u003c/code\u003e\u003c/a\u003e fix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/4113230dfd5001c1cd14729fe93668e62d3ce926\"\u003e\u003ccode\u003e4113230\u003c/code\u003e\u003c/a\u003e fix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/61c497ee92d099d9279b9282a9ef1ae86265edef\"\u003e\u003ccode\u003e61c497e\u003c/code\u003e\u003c/a\u003e fix: early update wasm memory for views (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@emnapi/runtime` from 1.9.2 to 1.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/toyobayashi/emnapi/releases\"\u003e\u003ccode\u003e@​emnapi/runtime\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: early update wasm memory for views (\u003ca href=\"https://github.com/hardfist/emnapi-shared-memory-grow-repro\"\u003ehttps://github.com/hardfist/emnapi-shared-memory-grow-repro\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory\u003c/li\u003e\n\u003cli\u003efix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003efix: coalesce tsfn (js version) send message\u003c/li\u003e\n\u003cli\u003eci: restructure CI workflows\u003c/li\u003e\n\u003cli\u003eci: prebuilt liraries using llvm 22\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/hardfist\"\u003e\u003ccode\u003e@​hardfist\u003c/code\u003e\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ehttps://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/ba84999164c8d9ee10e57f72bb6fa5fa0b192b54\"\u003e\u003ccode\u003eba84999\u003c/code\u003e\u003c/a\u003e 1.10.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71b77fb184a0dcab2c7a726e2f9c9cbb0c7f9257\"\u003e\u003ccode\u003e71b77fb\u003c/code\u003e\u003c/a\u003e fix: free queue node and set async_pending flag before finalize\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b0cc8cc3453deba82eb67947673c932b0ff7c192\"\u003e\u003ccode\u003eb0cc8cc\u003c/code\u003e\u003c/a\u003e fix: tsfn use after free\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/e2ba93140776624e4f718f030474c3b3992d6dcd\"\u003e\u003ccode\u003ee2ba931\u003c/code\u003e\u003c/a\u003e ci: llvm 22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/b02054aef5e6c84f6d0721e78c5733aef8fc2ca1\"\u003e\u003ccode\u003eb02054a\u003c/code\u003e\u003c/a\u003e fix: coalesce tsfn send message (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/71cd534275e3e35b78efacfdffffc013b696173f\"\u003e\u003ccode\u003e71cd534\u003c/code\u003e\u003c/a\u003e test: fix async_progress_worker test (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/209\"\u003e#209\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/c81c1fbde97ce05cb1806e8ecfc59a50323bb17d\"\u003e\u003ccode\u003ec81c1fb\u003c/code\u003e\u003c/a\u003e ci: restructure CI workflows (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/208\"\u003e#208\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/19b27bb008cc0b1343e2ebc0becfdeca26881640\"\u003e\u003ccode\u003e19b27bb\u003c/code\u003e\u003c/a\u003e fix: add missing \u003ccode\u003efrom64\u003c/code\u003e wrap\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/4113230dfd5001c1cd14729fe93668e62d3ce926\"\u003e\u003ccode\u003e4113230\u003c/code\u003e\u003c/a\u003e fix!: \u003ccode\u003enapi_adjust_external_memory\u003c/code\u003e no longer grow wasm memory (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/207\"\u003e#207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/toyobayashi/emnapi/commit/61c497ee92d099d9279b9282a9ef1ae86265edef\"\u003e\u003ccode\u003e61c497e\u003c/code\u003e\u003c/a\u003e fix: early update wasm memory for views (\u003ca href=\"https://redirect.github.com/toyobayashi/emnapi/issues/206\"\u003e#206\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/toyobayashi/emnapi/compare/v1.9.2...v1.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@istanbuljs/schema` from 0.1.3 to 0.1.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/istanbuljs/schema/releases\"\u003e\u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.1.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.5...v0.1.6\"\u003e0.1.6\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo change to schema in 0.1.x series (\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e440f977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.1.5\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.4...v0.1.5\"\u003e0.1.5\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRe-add release-please (\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e7c25461\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/istanbuljs/schema/blob/master/CHANGELOG.md\"\u003e\u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.5...v0.1.6\"\u003e0.1.6\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUndo change to schema in 0.1.x series (\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e440f977\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.4...v0.1.5\"\u003e0.1.5\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRe-add release-please (\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e7c25461\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.3...v0.1.4\"\u003e0.1.4\u003c/a\u003e (2026-04-13)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove development dependencies (\u003ca href=\"https://github.com/istanbuljs/schema/commit/a24b4c1bccf65f63e7f1fe6bd82bed82e57abc80\"\u003ea24b4c1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/f870afe9d8e71e1c8d723ff75cf78f388a1a7e1c\"\u003e\u003ccode\u003ef870afe\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/440f977adc826fa51aa5eba06ee4d89065ca4261\"\u003e\u003ccode\u003e440f977\u003c/code\u003e\u003c/a\u003e fix: Undo change to schema in 0.1.x series\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/d258e9ecf6ff3afdc279c8da7dc8435bce1b7554\"\u003e\u003ccode\u003ed258e9e\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/7c25461ac00d69b843d6a3e112a279164fc972b9\"\u003e\u003ccode\u003e7c25461\u003c/code\u003e\u003c/a\u003e fix: Re-add release-please\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/75b89fd6070e07f70129eccbbed47d450acc5d63\"\u003e\u003ccode\u003e75b89fd\u003c/code\u003e\u003c/a\u003e chore: Remove release-please\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/467c01f587b421b3f226a49da2ae28d507a012ba\"\u003e\u003ccode\u003e467c01f\u003c/code\u003e\u003c/a\u003e chore(master): release 0.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/istanbuljs/schema/commit/a24b4c1bccf65f63e7f1fe6bd82bed82e57abc80\"\u003e\u003ccode\u003ea24b4c1\u003c/code\u003e\u003c/a\u003e fix: Remove development dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/istanbuljs/schema/compare/v0.1.3...v0.1.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for \u003ccode\u003e@​istanbuljs/schema\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bare-fs` from 4.7.0 to 4.7.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/holepunchto/bare-fs/releases\"\u003ebare-fs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003erecursive\u003c/code\u003e option to \u003ccode\u003ereaddir\u003c/code\u003e methods by \u003ca href=\"https://github.com/yassernasc\"\u003e\u003ccode\u003e@​yassernasc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/pull/35\"\u003eholepunchto/bare-fs#35\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExplicitly retain read and write buffers by \u003ca href=\"https://github.com/kasperisager\"\u003e\u003ccode\u003e@​kasperisager\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/pull/36\"\u003eholepunchto/bare-fs#36\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\"\u003ehttps://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/5d97145266603f704e19458c85f41a9ea8b2fa40\"\u003e\u003ccode\u003e5d97145\u003c/code\u003e\u003c/a\u003e 4.7.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/bf7d7f8dccf2a9bb8954c03f56c1490f9922c7c7\"\u003e\u003ccode\u003ebf7d7f8\u003c/code\u003e\u003c/a\u003e Explicitly retain read and write buffers (\u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/issues/36\"\u003e#36\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-fs/commit/a000d5ae28bb85d103825dc07af76205e03c4a89\"\u003e\u003ccode\u003ea000d5a\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003erecursive\u003c/code\u003e option to \u003ccode\u003ereaddir\u003c/code\u003e methods (\u003ca href=\"https://redirect.github.com/holepunchto/bare-fs/issues/35\"\u003e#35\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/holepunchto/bare-fs/compare/v4.7.0...v4.7.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bare-url` from 2.4.0 to 2.4.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/holepunchto/bare-url/releases\"\u003ebare-url's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\"\u003ehttps://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/a769786b1389339009e47d713071b7066070445c\"\u003e\u003ccode\u003ea769786\u003c/code\u003e\u003c/a\u003e 2.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/ab96d9fcaeaf1c2b7a077292dcd7855b373e4963\"\u003e\u003ccode\u003eab96d9f\u003c/code\u003e\u003c/a\u003e Add Lunte and publish workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/4122d0959a4b83a7f23c5a5b056146458d2cffd4\"\u003e\u003ccode\u003e4122d09\u003c/code\u003e\u003c/a\u003e Add missing \u003ccode\u003e+\u003c/code\u003e replacement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/c0186ba1d4cb715a1cd887273ad2d39b3ce5b60e\"\u003e\u003ccode\u003ec0186ba\u003c/code\u003e\u003c/a\u003e Reenable assertions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/holepunchto/bare-url/commit/41a20a86358bb7edbe8e33700cd301c41172085a\"\u003e\u003ccode\u003e41a20a8\u003c/code\u003e\u003c/a\u003e Remove unused type tag\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/holepunchto/bare-url/compare/v2.4.0...v2.4.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for bare-url since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `baseline-browser-mapping` from 2.10.18 to 2.10.20\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/releases\"\u003ebaseline-browser-mapping's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.3 - remove \u003ccode\u003eprocess.loadEnvFile()\u003c/code\u003e\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process.loadEnfFile() from main script by \u003ca href=\"https://github.com/tonypconway\"\u003e\u003ccode\u003e@​tonypconway\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/web-platform-dx/baseline-browser-mapping/pull/112\"\u003eweb-platform-dx/baseline-browser-mapping#112\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.9.2...v2.9.3\"\u003ehttps://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.9.2...v2.9.3\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/481a1e4bb3c007bcd63a1dfb1fac87fd0abcecc9\"\u003e\u003ccode\u003e481a1e4\u003c/code\u003e\u003c/a\u003e Patch to 2.10.20 because browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/f78424437cacb15a5d7a371ef39d29a0334f1a24\"\u003e\u003ccode\u003ef784244\u003c/code\u003e\u003c/a\u003e Browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/94a5b7bcf85eb85843fbedfcf4d5bbcab648570e\"\u003e\u003ccode\u003e94a5b7b\u003c/code\u003e\u003c/a\u003e Patch to 2.10.19 because browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/b1fbd837eebcb7d6d4231036da1b890276f74d7b\"\u003e\u003ccode\u003eb1fbd83\u003c/code\u003e\u003c/a\u003e Browser or feature data changed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/933b064bc14696ecb2bfc346ba66169b7d2dbaf8\"\u003e\u003ccode\u003e933b064\u003c/code\u003e\u003c/a\u003e Updating static site\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/commit/6bcec924ed283d6c167191c60b638252420da0e6\"\u003e\u003ccode\u003e6bcec92\u003c/code\u003e\u003c/a\u003e Updating static site\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/web-platform-dx/baseline-browser-mapping/compare/v2.10.18...v2.10.20\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.2 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.2...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `caniuse-lite` from 1.0.30001787 to 1.0.30001788\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserslist/caniuse-lite/commit/a90bee690d4f830b1c9d286636e48c173f8a84bb\"\u003e\u003ccode\u003ea90bee6\u003c/code\u003e\u003c/a\u003e Update caniuse-db 1.0.30001788\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/browserslist/caniuse-lite/compare/1.0.30001787...1.0.30001788\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `electron-to-chromium` from 1.5.335 to 1.5.340\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/6d2cfbd94acc00876df082b8070cd9a5a10d7f95\"\u003e\u003ccode\u003e6d2cfbd\u003c/code\u003e\u003c/a\u003e 1.5.340\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/d02552a0bb5306ada1816ea473c73fbbdc3127ca\"\u003e\u003ccode\u003ed02552a\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/ce4abfaef35e1530f139f4610c20df101228f2dd\"\u003e\u003ccode\u003ece4abfa\u003c/code\u003e\u003c/a\u003e 1.5.339\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/059f4579baa375d745ca5eef1772db3b469ca2b8\"\u003e\u003ccode\u003e059f457\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/e54c94b294c14d69b77d18525f7de1df0b06e7af\"\u003e\u003ccode\u003ee54c94b\u003c/code\u003e\u003c/a\u003e 1.5.338\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/fad2989206a816a6d3fda623310ab9e222427b04\"\u003e\u003ccode\u003efad2989\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/b09b91e1ddef39f6c1d6ffe91e2f252c50276894\"\u003e\u003ccode\u003eb09b91e\u003c/code\u003e\u003c/a\u003e 1.5.337\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/a12c2267d8abfb5ba7c5d745227c401104371842\"\u003e\u003ccode\u003ea12c226\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/655c29f1357a3e5d06d1a83a9ecb227a5c464884\"\u003e\u003ccode\u003e655c29f\u003c/code\u003e\u003c/a\u003e 1.5.336\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kilian/electron-to-chromium/commit/edbc826153df76c9653c4067c1c87e7e7fe17cee\"\u003e\u003ccode\u003eedbc826\u003c/code\u003e\u003c/a\u003e generate new version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/Kilian/electron-to-chromium/compare/v1.5.335...v1.5.340\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `hasown` from 2.0.2 to 2.0.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/inspect-js/hasOwn/blob/main/CHANGELOG.md\"\u003ehasown's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/compare/v2.0.2...v2.0.3\"\u003ev2.0.3\u003c/a\u003e - 2026-04-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[actions] update workflows \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/fb837b849bcdb8416fdc8fd344edfacd5574696c\"\u003e\u003ccode\u003efb837b8\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@arethetypeswrong/cli\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003e@ljharb/tsconfig\u003c/code\u003e, \u003ccode\u003e@types/tape\u003c/code\u003e, \u003ccode\u003eauto-changelog\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003emock-property\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/f4b279bd682be34b3f0ede2a58d4e8acb58d6d47\"\u003e\u003ccode\u003ef4b279b\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e; migrate to flat config \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/7e415cee55ebf43b3c34d7fd86db73a9928b05f7\"\u003e\u003ccode\u003e7e415ce\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/ef313da342d33b60e23e738b9f5a86f6065f39ef\"\u003e\u003ccode\u003eef313da\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/d5c6d4d7a19c6ca4f14ac173b30d8bf25abcabee\"\u003e\u003ccode\u003ed5c6d4d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[types] add overload that narrows the key \u003ca href=\"https://github.com/inspect-js/hasOwn/commit/cc03a097e9402fb8b86d413050e67f790dd6c8c5\"\u003e\u003ccode\u003ecc03a09\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/27ebd405917f8e154b6fc07a878dbbf289456ca3\"\u003e\u003ccode\u003e27ebd40\u003c/code\u003e\u003c/a\u003e v2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/fb837b849bcdb8416fdc8fd344edfacd5574696c\"\u003e\u003ccode\u003efb837b8\u003c/code\u003e\u003c/a\u003e [actions] update workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/cc03a097e9402fb8b86d413050e67f790dd6c8c5\"\u003e\u003ccode\u003ecc03a09\u003c/code\u003e\u003c/a\u003e [types] add overload that narrows the key\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/f4b279bd682be34b3f0ede2a58d4e8acb58d6d47\"\u003e\u003ccode\u003ef4b279b\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@arethetypeswrong/cli\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, `@ljharb/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/ef313da342d33b60e23e738b9f5a86f6065f39ef\"\u003e\u003ccode\u003eef313da\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/7e415cee55ebf43b3c34d7fd86db73a9928b05f7\"\u003e\u003ccode\u003e7e415ce\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e; migrate to flat config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/inspect-js/hasOwn/commit/d5c6d4d7a19c6ca4f14ac173b30d8bf25abcabee\"\u003e\u003ccode\u003ed5c6d4d\u003c/code\u003e\u003c/a\u003e [meta] use \u003ccode\u003enpm audit\u003c/code\u003e instead of \u003ccode\u003eaud\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/inspect-js/hasOwn/compare/v2.0.2...v2.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.9 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.9...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `puppeteer` from 24.40.0 to 24.41.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/puppeteer/releases\"\u003epuppeteer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003epuppeteer-core: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v24.40.0...puppeteer-core-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for Issues (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14845\"\u003e#14845\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6e8dbe7a998a3619f089f549009ebcb860389fdd\"\u003e6e8dbe7\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadds extension realms api (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14824\"\u003e#14824\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c14f4ae7ee65fd95a4a1f9d722e73f67c37da44b\"\u003ec14f4ae\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAPI to list installed browser extensions and trigger extension actions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14821\"\u003e#14821\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/d6395ef88103a50cb2b2c43f61953ab6a495a8c3\"\u003ed6395ef\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eimplement console event on web workers (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14784\"\u003e#14784\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fa6158a1dfa327df8dc8eea1eb22c49efefb3be5\"\u003efa6158a\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14799\"\u003e#14799\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/9fd5ceb054b0508bd8f4b14ed950a011a31f101a\"\u003e9fd5ceb\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool invocation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14835\"\u003e#14835\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/cf8169d5dee0bbff06118c211969eb94849f6bbd\"\u003ecf8169d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add hook for tool response (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14841\"\u003e#14841\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6fb05bc9e45fb2735a1c44b59ad868af2fb1ee9b\"\u003e6fb05bc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add initial API to inspect tool registrations (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14814\"\u003e#14814\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/655c996fed21d4ac7f5df841aef0c6b246ba2e9d\"\u003e655c996\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e add WebMCPTool execute support (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14851\"\u003e#14851\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/8f95117960af969ee31595406f985c924eb67bf1\"\u003e8f95117\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e expose WebMCPToolCall in WebMCPToolCallResult (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14848\"\u003e#14848\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/242ac0b2d364e9463f2b0e37f26d8bd0cfdf4d3e\"\u003e242ac0b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Switch from WebMCPInvocationStatus Success to Completed (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14859\"\u003e#14859\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/375e636beedaa5fef53d5f198fa70229d47155b5\"\u003e375e636\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🛠️ Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd missing onRelease to Mutex and add tests (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14818\"\u003e#14818\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/bf1e9722eef723c80250119d81fd9d9e0596c074\"\u003ebf1e972\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emake \u003ccode\u003eTarget.asPage\u003c/code\u003e return the same Page instance (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14862\"\u003e#14862\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/e484a918c432859efbf57a74b4957097b13f8575\"\u003ee484a91\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove RenderDocument from disabled Chrome features (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14745\"\u003e#14745\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/a48eba24dcb2663da543bdf1f4597a2c1a56f0ff\"\u003ea48eba2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.50 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14819\"\u003e#14819\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/2be30023994ee2e7ebb15e43dc0e2804256f8ca2\"\u003e2be3002\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.56 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14842\"\u003e#14842\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/fdb3c64f8bfcff367eab862c0309f9c4bf6d6f20\"\u003efdb3c64\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eroll to Firefox 149.0.2 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14838\"\u003e#14838\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/55359a3d7383c03a9d9de7ff8e24b613655694e8\"\u003e55359a3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ewithout azimuthAngle the altitudeAngle should no be specified (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14781\"\u003e#14781\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/6f9d9752207d55be0e3b0d10ba9a416a81af4694\"\u003e6f9d975\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📄 Documentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate extension and realm docs (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14867\"\u003e#14867\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/080379bf24c6bd021d664bcf993457542cf76dcc\"\u003e080379b\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add JS example to WebMCP class (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14852\"\u003e#14852\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/c514dba3316e742f2d2b428fd72a49890c0a2255\"\u003ec514dba\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e Add missing documentation (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14849\"\u003e#14849\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/76b08d20305283b9a2a2ccd5cf9c2f5bad63e337\"\u003e76b08d2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ewebmcp:\u003c/strong\u003e tune tags and descriptions (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14844\"\u003e#14844\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/578295815ca559790626b8aeeddeea9f9cef67be\"\u003e5782958\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003epuppeteer: v24.41.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/puppeteer/puppeteer/compare/puppeteer-v24.40.0...puppeteer-v24.41.0\"\u003e24.41.0\u003c/a\u003e (2026-04-15)\u003c/h2\u003e\n\u003ch3\u003e🎉 Features\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eroll to Chrome 147.0.7727.24 (\u003ca href=\"https://redirect.github.com/puppeteer/puppeteer/issues/14797\"\u003e#14797\u003c/a\u003e) (\u003ca href=\"https://github.com/puppeteer/puppeteer/commit/ee81786a8285e20afdee70e4fb8660df4d6748b0\"\u003eee81786\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependencies\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe following workspace dependencies were updated\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/puppeteer/...\n\n_Description has been truncated_","html_url":"https://github.com/Arelle/ixbrl-viewer/pull/1041","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Arelle%2Fixbrl-viewer/issues/1041","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1041/packages"}},{"old_version":"5.0.5","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-19T19:43:26.000Z","version_change":"5.0.5 → 5.3.0","issue":{"uuid":"4291829638","node_id":"PR_kwDOOg_w_c7Twcgl","number":193,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 3 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T19:43:26.000Z","updated_at":"2026-04-19T19:47:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"playwright","old_version":"1.52.0","new_version":"1.55.1","repository_url":"https://github.com/microsoft/playwright"},{"name":"basic-ftp","old_version":"5.0.5","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"bn.js","old_version":"4.12.2","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"lodash-es","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"7.4.3","new_version":"7.5.13","repository_url":"https://github.com/isaacs/node-tar"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 6 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [playwright](https://github.com/microsoft/playwright) | `1.52.0` | `1.55.1` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.5` | `5.3.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.2` | `4.12.3` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [lodash-es](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [tar](https://github.com/isaacs/node-tar) | `7.4.3` | `7.5.13` |\n\nBumps the npm_and_yarn group with 2 updates in the /SolidStartApp directory: [defu](https://github.com/unjs/defu) and [undici](https://github.com/nodejs/undici).\nBumps the npm_and_yarn group with 2 updates in the /mobile-app directory: [picomatch](https://github.com/micromatch/picomatch) and [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser).\n\nUpdates `playwright` from 1.52.0 to 1.55.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/microsoft/playwright/releases\"\u003eplaywright's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.55.1\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37479\"\u003emicrosoft/playwright#37479\u003c/a\u003e - [Bug]: Upgrade Chromium to 140.0.7339.186.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37147\"\u003emicrosoft/playwright#37147\u003c/a\u003e - [Regression]: Internal error: step id not found.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37146\"\u003emicrosoft/playwright#37146\u003c/a\u003e - [Regression]: HTML reporter displays a broken chip link when there are no projects.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/pull/37137\"\u003emicrosoft/playwright#37137\u003c/a\u003e - Revert \u0026quot;fix(a11y): track inert elements as hidden\u0026quot;.\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/pull/37532\"\u003emicrosoft/playwright#37532\u003c/a\u003e - chore: do not use -k option\u003c/p\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChromium 140.0.7339.186\u003c/li\u003e\n\u003cli\u003eMozilla Firefox 141.0\u003c/li\u003e\n\u003cli\u003eWebKit 26.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version was also tested against the following stable channels:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle Chrome 139\u003c/li\u003e\n\u003cli\u003eMicrosoft Edge 139\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.55.0\u003c/h2\u003e\n\u003ch2\u003eNew APIs\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNew Property \u003ca href=\"https://playwright.dev/docs/api/class-teststepinfo#test-step-info-title-path\"\u003etestStepInfo.titlePath\u003c/a\u003e Returns the full title path starting from the test file, including test and step titles.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eCodegen\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAutomatic \u003ccode\u003etoBeVisible()\u003c/code\u003e assertions: Codegen can now generate automatic \u003ccode\u003etoBeVisible()\u003c/code\u003e assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBreaking Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e⚠️ Dropped support for Chromium extension manifest v2.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eMiscellaneous\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for Debian 13 \u0026quot;Trixie\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChromium 140.0.7339.16\u003c/li\u003e\n\u003cli\u003eMozilla Firefox 141.0\u003c/li\u003e\n\u003cli\u003eWebKit 26.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThis version was also tested against the following stable channels:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eGoogle Chrome 139\u003c/li\u003e\n\u003cli\u003eMicrosoft Edge 139\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.54.2\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36714\"\u003emicrosoft/playwright#36714\u003c/a\u003e - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error)\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36828\"\u003emicrosoft/playwright#36828\u003c/a\u003e - [Regression]: Playwright Codegen keeps spamming with selected option\n\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36810\"\u003emicrosoft/playwright#36810\u003c/a\u003e - [Regression]: Starting Codegen with target language doesn't work anymore\u003c/p\u003e\n\u003ch2\u003eBrowser Versions\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/ae51df7a35888f663553ab4e9c45d6cb6335397f\"\u003e\u003ccode\u003eae51df7\u003c/code\u003e\u003c/a\u003e chore: mark v1.55.1 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37530\"\u003e#37530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/86dde294ce7fc9dd62d2f7ce5afd0c79cff50140\"\u003e\u003ccode\u003e86dde29\u003c/code\u003e\u003c/a\u003e feat(chromium): roll to r1193 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37529\"\u003e#37529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/86328bc9f43da2fe2b9aba2822c79f8b4c0c7f72\"\u003e\u003ccode\u003e86328bc\u003c/code\u003e\u003c/a\u003e chore: do not use -k option (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37532\"\u003e#37532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/63799ba68340fde11445d4f48c12515c28dcc92a\"\u003e\u003ccode\u003e63799ba\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37214\"\u003e#37214\u003c/a\u003e): docs: fix method names in release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/21e29a42ab090d7848a3c3255f05335ba0db424d\"\u003e\u003ccode\u003e21e29a4\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37153\"\u003e#37153\u003c/a\u003e): fix(html): don't display a chip with empty content with ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/ba62e6ab0d25f7415ffdf121e4e186aadb213be5\"\u003e\u003ccode\u003eba62e6a\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37149\"\u003e#37149\u003c/a\u003e): fix(test): attaching in boxed fixture\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/25bb073f2697c98995871d40828604b0836c29b7\"\u003e\u003ccode\u003e25bb073\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37137\"\u003e#37137\u003c/a\u003e): Revert \u0026quot;fix(a11y): track inert elements as hidden (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/36947\"\u003e#36947\u003c/a\u003e)\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/f992162f04ae0b0b5a0f4b6114b894215be98995\"\u003e\u003ccode\u003ef992162\u003c/code\u003e\u003c/a\u003e chore: mark v1.55.0 (\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37121\"\u003e#37121\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/4a92ea00253106c8bd4234b8d5be2e205d049012\"\u003e\u003ccode\u003e4a92ea0\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37113\"\u003e#37113\u003c/a\u003e): docs: add release-notes for v1.55\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/microsoft/playwright/commit/aa05507bbabc170abf7775bf0d3ddd2438dc384a\"\u003e\u003ccode\u003eaa05507\u003c/code\u003e\u003c/a\u003e cherry-pick(\u003ca href=\"https://redirect.github.com/microsoft/playwright/issues/37114\"\u003e#37114\u003c/a\u003e): test: move browser._launchServer in child process\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/microsoft/playwright/compare/v1.52.0...v1.55.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.5 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.5...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.2 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.2...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash-es` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash-es's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 7.4.3 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `defu` from 6.1.4 to 6.1.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/releases\"\u003edefu's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eExport Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/unjs/defu/blob/main/CHANGELOG.md\"\u003edefu's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.1.7\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.6...v6.1.7\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003edefu.d.cts:\u003c/strong\u003e Export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCorrect the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eJakub Michálek (\u003ca href=\"https://github.com/J-Michalek\"\u003e\u003ccode\u003e@​J-Michalek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eKricsleo (\u003ca href=\"https://github.com/kricsleo\"\u003e\u003ccode\u003e@​kricsleo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.6\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.5...v6.1.6\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e📦 Build\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix mixed types (\u003ca href=\"https://github.com/unjs/defu/commit/407b516\"\u003e407b516\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e❤️ Contributors\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePooya Parsa (\u003ca href=\"https://github.com/pi0\"\u003e\u003ccode\u003e@​pi0\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.1.5\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.5\"\u003ecompare changes\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003e🩹 Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ePrevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/pull/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore inherited enumerable properties (\u003ca href=\"https://github.com/unjs/defu/commit/11ba022\"\u003e11ba022\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🏡 Chore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd tea.yaml (\u003ca href=\"https://github.com/unjs/defu/commit/70cffe5\"\u003e70cffe5\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate repo (\u003ca href=\"https://github.com/unjs/defu/commit/23cc432\"\u003e23cc432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix typecheck (\u003ca href=\"https://github.com/unjs/defu/commit/89df6bb\"\u003e89df6bb\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e✅ Tests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd more tests for plain objects (\u003ca href=\"https://github.com/unjs/defu/commit/b65f603\"\u003eb65f603\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e🤖 CI\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/80c0146afb11ebd86183a579ec469f3abd976695\"\u003e\u003ccode\u003e80c0146\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/40d7ef42d30db975bf80c340e7856c1ad3568321\"\u003e\u003ccode\u003e40d7ef4\u003c/code\u003e\u003c/a\u003e fix(defu.d.cts): export Defu types (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/157\"\u003e#157\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3d3a7c89ca78f3fa43ec7194b12e44e4b0568697\"\u003e\u003ccode\u003e3d3a7c8\u003c/code\u003e\u003c/a\u003e build: correct the \u003ccode\u003etypes\u003c/code\u003e export entry (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/001c2906010eb65c1bb13ccd1f4abea09e10405b\"\u003e\u003ccode\u003e001c290\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/407b51645c41a57da6efac5b40967f2c60ce4f12\"\u003e\u003ccode\u003e407b516\u003c/code\u003e\u003c/a\u003e build: fix mixed types\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/23e59e684cb6a432aad13f308d142247e31b6315\"\u003e\u003ccode\u003e23e59e6\u003c/code\u003e\u003c/a\u003e chore(release): v6.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/11ba02213d4b1c6b02dd686041f75edc479c98e9\"\u003e\u003ccode\u003e11ba022\u003c/code\u003e\u003c/a\u003e fix: ignore inherited enumerable properties\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29\"\u003e\u003ccode\u003e3942bfb\u003c/code\u003e\u003c/a\u003e fix: prevent prototype pollution via \u003ccode\u003e__proto__\u003c/code\u003e in defaults (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/d3ef16dabe861713192ba8679c5db8e0ac143f9b\"\u003e\u003ccode\u003ed3ef16d\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/checkout action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/151\"\u003e#151\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/unjs/defu/commit/869a053effb7b1bf49a1635e1bb211840daa589e\"\u003e\u003ccode\u003e869a053\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6 (\u003ca href=\"https://redirect.github.com/unjs/defu/issues/149\"\u003e#149\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/unjs/defu/compare/v6.1.4...v6.1.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `undici` from 5.29.0 to 6.25.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodejs/undici/releases\"\u003eundici's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.25.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.1...v6.25.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\"\u003ehttps://github.com/nodejs/undici/compare/v6.24.0...v6.24.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.24.0\u003c/h2\u003e\n\u003ch1\u003eUndici v6.24.0 Security Release Notes (LTS)\u003c/h1\u003e\n\u003cp\u003eThis release backports fixes for security vulnerabilities affecting the v6 line.\u003c/p\u003e\n\u003ch2\u003eUpgrade guidance\u003c/h2\u003e\n\u003cp\u003eAll users on v6 should upgrade to \u003cstrong\u003ev6.24.0\u003c/strong\u003e or later.\u003c/p\u003e\n\u003ch2\u003eFixed advisories\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm\"\u003eGHSA-2mjp-6q6p-2qxm\u003c/a\u003e / CVE-2026-1525 (Medium)\u003cbr /\u003e\nInconsistent interpretation of HTTP requests (request/response smuggling class issue).\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj\"\u003eGHSA-f269-vfmq-vjvj\u003c/a\u003e / CVE-2026-1528 (High)\u003cbr /\u003e\nMalicious WebSocket 64-bit frame length handling could crash the client.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-4992-7rv2-5pvq\"\u003eGHSA-4992-7rv2-5pvq\u003c/a\u003e / CVE-2026-1527 (Medium)\u003cbr /\u003e\nCRLF injection via the \u003ccode\u003eupgrade\u003c/code\u003e option.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8\"\u003eGHSA-v9p9-hfj2-hcw8\u003c/a\u003e / CVE-2026-2229 (High)\u003cbr /\u003e\nUnhandled exception from invalid \u003ccode\u003eserver_max_window_bits\u003c/code\u003e in WebSocket permessage-deflate negotiation.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q\"\u003eGHSA-vrm6-8vpv-qv8q\u003c/a\u003e / CVE-2026-1526 (High)\u003cbr /\u003e\nUnbounded memory consumption in WebSocket permessage-deflate decompression.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNot applicable to v6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h\"\u003eGHSA-phc3-fgpg-7m6h\u003c/a\u003e / CVE-2026-2581 affects \u003ccode\u003e\u0026gt;= 7.17.0 \u0026lt; 7.24.0\u003c/code\u003e only.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eAffected and patched ranges (v6)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCVE-2026-1525: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1528: affected \u003ccode\u003e\u0026gt;= 6.0.0 \u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1527: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-2229: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eCVE-2026-1526: affected \u003ccode\u003e\u0026lt; 6.24.0\u003c/code\u003e, patched \u003ccode\u003e6.24.0\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eReferences\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGitHub Security Advisories: \u003ca href=\"https://github.com/nodejs/undici/security/advisories\"\u003ehttps://github.com/nodejs/undici/security/advisories\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/3420499cad88e72e04972b7bb28dd9f2ec2638ac\"\u003e\u003ccode\u003e3420499\u003c/code\u003e\u003c/a\u003e Bumped v6.25.0 (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/5029\"\u003e#5029\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/d7a1e55fbe9607e8b56a10b4be129ca63d16014b\"\u003e\u003ccode\u003ed7a1e55\u003c/code\u003e\u003c/a\u003e feat: add configurable maxPayloadSize for WebSocket (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4955\"\u003e#4955\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/a9d1848fa18d351813e9563bb7653acf1e3c60ad\"\u003e\u003ccode\u003ea9d1848\u003c/code\u003e\u003c/a\u003e Do not mark v6.x releases as latest\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/01265866974369f75f939109969097e45e72b1e1\"\u003e\u003ccode\u003e0126586\u003c/code\u003e\u003c/a\u003e Ignore local agent configuration files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/c0cf656ef5e66f7372a7e57d08c6cbdd5b127e82\"\u003e\u003ccode\u003ec0cf656\u003c/code\u003e\u003c/a\u003e Bumped v6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/f5a9f0ccbe958e7d0cfd7b63a9a8d195378ac6f6\"\u003e\u003ccode\u003ef5a9f0c\u003c/code\u003e\u003c/a\u003e Fix v6 release workflow branch targeting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/af2cb8fe01320f189394bef193c2d5b441fcfe6f\"\u003e\u003ccode\u003eaf2cb8f\u003c/code\u003e\u003c/a\u003e wqremove maxDecompressedMessageSize (\u003ca href=\"https://redirect.github.com/nodejs/undici/issues/4891\"\u003e#4891\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/8873c947271faf1ebc455bdc6158ecbc022ecfa9\"\u003e\u003ccode\u003e8873c94\u003c/code\u003e\u003c/a\u003e Bumped v6.24.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/411bd01a42e7917009bbf686f7628b99d67bbce9\"\u003e\u003ccode\u003e411bd01\u003c/code\u003e\u003c/a\u003e test(websocket): use node:assert for Node 18 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodejs/undici/commit/844bf59699d778944f78a24ae819c0e8f295766e\"\u003e\u003ccode\u003e844bf59\u003c/code\u003e\u003c/a\u003e test: fix http2 lint regressions in backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nodejs/undici/compare/v5.29.0...v6.25.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for undici since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/romanchaa997/Audityzer/network/alerts).\n\n\u003c/details\u003e\n\n\u003c!-- This is an auto-generated description by cubic. --\u003e\n---\n## Summary by cubic\nBump dependencies across root, `SolidStartApp`, and `mobile-app` to pick up security fixes and maintenance updates. Highlights: `playwright` 1.55.1, `lodash-es` 4.18.1, `tar` 7.5.13, `undici` 6.25.0, and `@codecov/solidstart-plugin` v2.\n\n- **Dependencies**\n  - Root: `playwright` 1.55.1; `lodash-es` 4.18.1 (security); `tar` 7.5.13; `basic-ftp` 5.3.0 (security); `flatted` 3.4.2; `bn.js` 4.12.3.\n  - SolidStartApp: `@codecov/solidstart-plugin` 2.0.1 (Node 20); `defu` 6.1.7 (prototype pollution fix); `undici` 6.25.0 (security).\n  - Mobile app: `picomatch` 2.3.2 (security); `fast-xml-parser` 4.5.6.\n\n- **Migration**\n  - `SolidStartApp` dev environment now requires Node 20+ (due to `@codecov/*` v2).\n  - Reinstall deps after merge. If E2E fails locally, run `npx playwright install`.\n\n\u003csup\u003eWritten for commit ee962edc9da327c351e2c3d02211d4b3233f1224. Summary will update on new commits.\u003c/sup\u003e\n\n\u003c!-- End of auto-generated description by cubic. --\u003e\n\n","html_url":"https://github.com/romanchaa997/Audityzer/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/romanchaa997%2FAudityzer/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"}},{"old_version":"5.1.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-19T14:05:12.000Z","version_change":"5.1.0 → 5.3.0","issue":{"uuid":"4291054989","node_id":"PR_kwDOEAWEP87TuN4Y","number":1583,"state":"open","title":"Bump the server-npm-security group across 1 directory with 5 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T14:05:12.000Z","updated_at":"2026-04-25T19:48:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"server-npm-security","update_count":5,"packages":[{"name":"basic-ftp","old_version":"5.1.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"libxmljs2","old_version":"0.35.0","new_version":"0.37.0","repository_url":"https://github.com/marudor/libxmljs2"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"tar","old_version":"6.2.1","new_version":"7.5.13"}],"path":null,"ecosystem":"npm"},"body":"Bumps the server-npm-security group with 4 updates in the /td.server directory: [basic-ftp](https://github.com/patrickjuchli/basic-ftp), [flatted](https://github.com/WebReflection/flatted), [libxmljs2](https://github.com/marudor/libxmljs2) and [lodash](https://github.com/lodash/lodash).\n\nUpdates `basic-ftp` from 5.1.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.1.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `libxmljs2` from 0.35.0 to 0.37.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/marudor/libxmljs2/commit/02594219a0220795a402a74c65f217d0f3e565f3\"\u003e\u003ccode\u003e0259421\u003c/code\u003e\u003c/a\u003e chore: support node 24\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/marudor/libxmljs2/compare/v0.35.0...v0.37.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `tar` from 6.2.1 to 7.5.13\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md\"\u003etar's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e7.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ezstd\u003c/code\u003e compression support.\u003c/li\u003e\n\u003cli\u003eConsistent TOCTOU behavior in sync t.list\u003c/li\u003e\n\u003cli\u003eOnly read from ustar block if not specified in Pax\u003c/li\u003e\n\u003cli\u003eFix sync tar.list when file size reduces while reading\u003c/li\u003e\n\u003cli\u003eSanitize absolute linkpaths properly\u003c/li\u003e\n\u003cli\u003ePrevent writing hardlink entries to the archive ahead of their\nfile target\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate \u003ccode\u003eonentry\u003c/code\u003e in favor of \u003ccode\u003eonReadEntry\u003c/code\u003e for clarity.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eonWriteEntry\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDRY the command definitions into a single \u003ccode\u003emakeCommand\u003c/code\u003e method,\nand update the type signatures to more appropriately infer the\nreturn type from the options and arguments provided.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate minipass to v7.1.0\u003c/li\u003e\n\u003cli\u003eUpdate the type definitions of \u003ccode\u003ewrite()\u003c/code\u003e and \u003ccode\u003eend()\u003c/code\u003e methods on\n\u003ccode\u003eUnpack\u003c/code\u003e and \u003ccode\u003eParser\u003c/code\u003e classes to be compatible with the\nNodeJS.WritableStream type in the latest versions of\n\u003ccode\u003e@types/node\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop support for node \u0026lt;18\u003c/li\u003e\n\u003cli\u003eRewrite in TypeScript, provide ESM and CommonJS hybrid\ninterface\u003c/li\u003e\n\u003cli\u003eAdd tree-shake friendly exports, like \u003ccode\u003eimport('tar/create')\u003c/code\u003e\nand \u003ccode\u003eimport('tar/read-entry')\u003c/code\u003e to get individual functions or\nclasses.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003echmod\u003c/code\u003e option that defaults to false, and deprecate\n\u003ccode\u003enoChmod\u003c/code\u003e. That is, reverse the default option regarding\nexplicitly setting file system modes to match tar entry\nsettings.\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eprocessUmask\u003c/code\u003e option to avoid having to call\n\u003ccode\u003eprocess.umask()\u003c/code\u003e when \u003ccode\u003echmod: true\u003c/code\u003e (or \u003ccode\u003enoChmod: false\u003c/code\u003e) is\nset.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/d6611ae951056addb77c6e11baf7bcc9d7648e46\"\u003e\u003ccode\u003ed6611ae\u003c/code\u003e\u003c/a\u003e 7.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/119c401f4f7efbeb112d28f9dfc9c489674c9a79\"\u003e\u003ccode\u003e119c401\u003c/code\u003e\u003c/a\u003e fix(extract): prevent raced symlink writes outside cwd\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2a294d3fbb24c18dc80f31059f49dd9af15653fe\"\u003e\u003ccode\u003e2a294d3\u003c/code\u003e\u003c/a\u003e 7.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/01082a42c3256ca6054f9627911cce4dbfe00d92\"\u003e\u003ccode\u003e01082a4\u003c/code\u003e\u003c/a\u003e fix: reject top promise on floating addFilesAsync rejections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/dd1c36ab7acff26e5a34935d17f27a45bb088db3\"\u003e\u003ccode\u003edd1c36a\u003c/code\u003e\u003c/a\u003e linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/35a1ffe73eb4aa05cd2613f8fdcfb4c9c9ed59f9\"\u003e\u003ccode\u003e35a1ffe\u003c/code\u003e\u003c/a\u003e doc: more clarity in security warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/bf776f673164215074b62749e0fe80e5834588f4\"\u003e\u003ccode\u003ebf776f6\u003c/code\u003e\u003c/a\u003e 7.5.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad\"\u003e\u003ccode\u003ef48b5fa\u003c/code\u003e\u003c/a\u003e prevent escaping symlinks with drive-relative paths\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/97cff15d3539a37a4095eb3d287147d9d77c2dc3\"\u003e\u003ccode\u003e97cff15\u003c/code\u003e\u003c/a\u003e docs: more security info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-tar/commit/2b72abc1d47c3570e1ad95c9ab557fc4c2e6e4b1\"\u003e\u003ccode\u003e2b72abc\u003c/code\u003e\u003c/a\u003e 7.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~isaacs\"\u003eisaacs\u003c/a\u003e, a new releaser for tar since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/OWASP/threat-dragon/pull/1583","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/OWASP%2Fthreat-dragon/issues/1583","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1583/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-19T11:23:16.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4290686398","node_id":"PR_kwDOR_mqFc7TtIBg","number":1,"state":"open","title":"chore(deps): Bump the npm_and_yarn group across 1 directory with 9 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-19T11:23:16.000Z","updated_at":"2026-04-19T11:24:03.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","group_name":"npm_and_yarn","update_count":9,"packages":[{"name":"next","old_version":"15.1.11","new_version":"15.5.15","repository_url":"https://github.com/vercel/next.js"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"glob","old_version":"10.4.5","new_version":"10.5.0","repository_url":"https://github.com/isaacs/node-glob"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"protobufjs","old_version":"7.4.0","new_version":"7.5.5","repository_url":"https://github.com/protobufjs/protobuf.js"},{"name":"react-router","old_version":"7.1.5","new_version":"7.14.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"yaml","old_version":"2.7.0","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 9 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `15.1.11` | `15.5.15` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [glob](https://github.com/isaacs/node-glob) | `10.4.5` | `10.5.0` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.2.0` | `5.3.0` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.4.0` | `7.5.5` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.1.5` | `7.14.1` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.8.3` |\n\n\nUpdates `next` from 15.1.11 to 15.5.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat(next/image): add lru disk cache and images.maximumDiskCacheSize (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91660\"\u003e#91660\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/90304\"\u003e#90304\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/lllomh\"\u003e\u003ccode\u003e@​lllomh\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev15.5.13\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: patch http-proxy to prevent request smuggling in rewrites (See: \u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ggv3-7p47-pfv8\"\u003eCVE-2026-29057\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/412eb90b6587ec02e8361c92efa9091487e7348f\"\u003e\u003ccode\u003e412eb90\u003c/code\u003e\u003c/a\u003e v15.5.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cb90de98be409653f39ec602072740b38689a4e5\"\u003e\u003ccode\u003ecb90de9\u003c/code\u003e\u003c/a\u003e [15.x] Avoid consuming cyclic models multiple times (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/74\"\u003e#74\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fffef9ef3059a4883def5b847315fb6017668846\"\u003e\u003ccode\u003efffef9e\u003c/code\u003e\u003c/a\u003e Fix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d7b012d787c01e0435f8cdf2a47211891668d13b\"\u003e\u003ccode\u003ed7b012d\u003c/code\u003e\u003c/a\u003e v15.5.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2b0525123245da5b1b9d1abedc636c5fd3ee1d07\"\u003e\u003ccode\u003e2b05251\u003c/code\u003e\u003c/a\u003e [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/f88cee9604f0ec8ab869a2f94ced984194277b9e\"\u003e\u003ccode\u003ef88cee9\u003c/code\u003e\u003c/a\u003e Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/cfd5f533b08df3038476dcd54f1d6d660d85f069\"\u003e\u003ccode\u003ecfd5f53\u003c/code\u003e\u003c/a\u003e v15.5.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/15f28911fd272041707dbf6b7c07d62642593be8\"\u003e\u003ccode\u003e15f2891\u003c/code\u003e\u003c/a\u003e [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d23f41c42506005fe6978e076a1ccbf8979e4925\"\u003e\u003ccode\u003ed23f41c\u003c/code\u003e\u003c/a\u003e v15.5.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8e75765a6544dc0e6b20aefeade7d33190ffcb7c\"\u003e\u003ccode\u003e8e75765\u003c/code\u003e\u003c/a\u003e fix unlock in publish-native\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v15.1.11...v15.5.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `glob` from 10.4.5 to 10.5.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/56774ef73b495eb0b17cdd0f42921f5ef62297c1\"\u003e\u003ccode\u003e56774ef\u003c/code\u003e\u003c/a\u003e 10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/node-glob/commit/1e4e297342a09f2aa0ced87fcd4a70ddc325d75f\"\u003e\u003ccode\u003e1e4e297\u003c/code\u003e\u003c/a\u003e bin: Do not expose filenames to shell expansion\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.4.0 to 7.5.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eprotobufjs: v7.5.4\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.3\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eoptimize regressions from editions implementations (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2066\"\u003e#2066\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6406d4c18afae309fc7b5f4a24d9674d85da180b\"\u003e6406d4c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ereserved field inside group blocks fail parsing (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2058\"\u003e#2058\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/56782bff0c4b5132806eb1a6bc4d08f930c4aaad\"\u003e56782bf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.0\"\u003e7.5.0\u003c/a\u003e (2025-04-15)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f04ded3a03a3ddd383f0228e2fe2627a51f31aa3\"\u003ef04ded3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eadd Edition 2023 Support (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ac9a3b9fe3134d48187e41b08d54ffaceddc6c1b\"\u003eac9a3b9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v8.0.0...protobufjs-v8.0.1\"\u003e8.0.1\u003c/a\u003e (2026-03-11)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebump protobufjs dependency version for cli package (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2128\"\u003e#2128\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/549b05ecd95e23da40fa1a36a9336c57946b8377\"\u003e549b05e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ecorrect json syntax in tsconfig.json (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2120\"\u003e#2120\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/80656255c75000f3e954e036cdfcb5bfd0a8c687\"\u003e8065625\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edescriptor:\u003c/strong\u003e guard oneof index for non-Type parents (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2122\"\u003e#2122\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/1cac5cf811d0855b27dcde73a3a04d15efde3728\"\u003e1cac5cf\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edo not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f05e3c3bdd0b3c2cddbf8540bb5bd4d394a693ad\"\u003ef05e3c3\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efilter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75\"\u003e535df44\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v8.0.0\"\u003e8.0.0\u003c/a\u003e (2025-12-16)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd Edition 2024 Support (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2060\"\u003e#2060\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/53e8492cbaae2c741801fa50b5f908ff5129c3d7\"\u003e53e8492\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.3...protobufjs-v7.5.4\"\u003e7.5.4\u003c/a\u003e (2025-08-15)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003einvalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e5a3769a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.2...protobufjs-v7.5.3\"\u003e7.5.3\u003c/a\u003e (2025-05-28)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edescriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e6e255d4\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.1...protobufjs-v7.5.2\"\u003e7.5.2\u003c/a\u003e (2025-05-14)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e4b51cb2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.0...protobufjs-v7.5.1\"\u003e7.5.1\u003c/a\u003e (2025-05-08)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/086b19d00d1d01e801d6ccc2ae3f207bb1b06482\"\u003e\u003ccode\u003e086b19d\u003c/code\u003e\u003c/a\u003e fix: do not allow setting \u003cstrong\u003eproto\u003c/strong\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/827ff8e48253e9041f19ac81168aa046dbdfb041\"\u003e\u003ccode\u003e827ff8e\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2093\"\u003e#2093\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/5a3769a465fead089a533ad55c21d069299df760\"\u003e\u003ccode\u003e5a3769a\u003c/code\u003e\u003c/a\u003e fix: invalid syntax in descriptor.proto (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2092\"\u003e#2092\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/f42297b29d15c8e0382744a83f5147a1aa978f42\"\u003e\u003ccode\u003ef42297b\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2076\"\u003e#2076\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/6e255d4ad6982cc857f26e1731c2cedcf5796f68\"\u003e\u003ccode\u003e6e255d4\u003c/code\u003e\u003c/a\u003e fix: descriptor extensions handling post-editions (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2075\"\u003e#2075\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/9467abe5af0aa5de3e4cf26b9e1a85c97f5eebd0\"\u003e\u003ccode\u003e9467abe\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/4b51cb2b8450b77f9f5de1c562e7fae93b19d040\"\u003e\u003ccode\u003e4b51cb2\u003c/code\u003e\u003c/a\u003e fix: ensure that types are always resolved (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2068\"\u003e#2068\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/69cced8e00216f1aed69593187ac0c2e34807208\"\u003e\u003ccode\u003e69cced8\u003c/code\u003e\u003c/a\u003e chore: release master (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2067\"\u003e#2067\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.4.0...protobufjs-v7.5.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~fenster\"\u003efenster\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `react-router` from 7.1.5 to 7.14.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/releases\"\u003ereact-router's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.14.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.14.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.13.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.12.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.11.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.10.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.6\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.5\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.4\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.3\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.1\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.9.0\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.8.2\u003c/h2\u003e\n\u003cp\u003eSee the changelog for release notes: \u003ca href=\"https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\"\u003ehttps://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md\"\u003ereact-router's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.14.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix a potential race condition that can occur when rendering a \u003ccode\u003eHydrateFallback\u003c/code\u003e and initial loaders land before the \u003ccode\u003erouter.subscribe\u003c/code\u003e call happens in the \u003ccode\u003eRouterProvider\u003c/code\u003e layout effect\u003c/li\u003e\n\u003cli\u003eNormalize double-slashes in redirect paths\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.14.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (\u003ca href=\"https://redirect.github.com/remix-run/react-router/pull/14901\"\u003e#14901\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eIf you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:\u003c/p\u003e\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth\u003eServer Component Export\u003c/th\u003e\n\u003cth\u003eClient Component\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerComponent\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003edefault\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerErrorBoundary\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eErrorBoundary\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerLayout\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eLayout\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003ccode\u003eServerHydrateFallback\u003c/code\u003e\u003c/td\u003e\n\u003ctd\u003e\u003ccode\u003eHydrateFallback\u003c/code\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003cp\u003eIf you were previously exporting a \u003ccode\u003eServerComponent\u003c/code\u003e, your \u003ccode\u003eErrorBoundary\u003c/code\u003e, \u003ccode\u003eLayout\u003c/code\u003e, and \u003ccode\u003eHydrateFallback\u003c/code\u003e were also server components. If you want to keep those as server components, you can rename them and prefix them with \u003ccode\u003eServer\u003c/code\u003e. If you were previously importing the implementations of those components from a client module, you can simply inline them.\u003c/p\u003e\n\u003cp\u003eExample:\u003c/p\u003e\n\u003cp\u003eBefore\u003c/p\u003e\n\u003cpre lang=\"tsx\"\u003e\u003ccode\u003eimport { ErrorBoundary as ClientErrorBoundary } from \u0026quot;./client\u0026quot;;\n\u003cp\u003eexport function ServerComponent() {\n// ...\n}\u003c/p\u003e\n\u003cp\u003eexport function ErrorBoundary() {\nreturn \u0026lt;ClientErrorBoundary /\u0026gt;;\n}\u003c/p\u003e\n\u003cp\u003eexport function Layout() {\n// ...\n}\u003c/p\u003e\n\u003cp\u003eexport function HydrateFallback() {\n// ...\n}\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eAfter\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/197674ba9fc1b72b452e17894e5e783bdab7a087\"\u003e\u003ccode\u003e197674b\u003c/code\u003e\u003c/a\u003e Release 7.14.1 (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14973\"\u003e#14973\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/583fcce37b44e71d5bdd82ee7c5bccf300c77d53\"\u003e\u003ccode\u003e583fcce\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/05f80c8b0fce9519ba88f2f379daf7660391a40e\"\u003e\u003ccode\u003e05f80c8\u003c/code\u003e\u003c/a\u003e Migrate changesets files to .changes files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/a87774f997d8ba497c97562840f0766250c3e4ce\"\u003e\u003ccode\u003ea87774f\u003c/code\u003e\u003c/a\u003e Add new release process (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14916\"\u003e#14916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f6d126809e88cc97fe206eae673f12ebbf2ed18c\"\u003e\u003ccode\u003ef6d1268\u003c/code\u003e\u003c/a\u003e Add new release process (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14916\"\u003e#14916\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/4547c80150032849dc4d85fc76c122219eea2939\"\u003e\u003ccode\u003e4547c80\u003c/code\u003e\u003c/a\u003e Fix rendering/router.subscribe race condition during hydration (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14497\"\u003e#14497\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/f7a01300d80967c566e08a666431ae40b89d6a63\"\u003e\u003ccode\u003ef7a0130\u003c/code\u003e\u003c/a\u003e Consolidate slash handling (\u003ca href=\"https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14962\"\u003e#14962\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/b768d621a69e99055ff27a50030c4915f5798665\"\u003e\u003ccode\u003eb768d62\u003c/code\u003e\u003c/a\u003e Update redirect docs with note on validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/80c67a953dab25811fd3f3b4e85ee0e43591300c\"\u003e\u003ccode\u003e80c67a9\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/remix-run/react-router/commit/201cd41be3e2fadf0fe851d9ac6c836458707ca3\"\u003e\u003ccode\u003e201cd41\u003c/code\u003e\u003c/a\u003e chore: format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/remix-run/react-router/commits/react-router@7.14.1/packages/react-router\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by [GitHub Actions](\u003ca href=\"https://www.npmjs.com/~GitHub\"\u003ehttps://www.npmjs.com/~GitHub\u003c/a\u003e Actions), a new releaser for react-router since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.7.0 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ce14587484822bffb0f7d31aefedcaf2dc0d0387\"\u003e\u003ccode\u003ece14587\u003c/code\u003e\u003c/a\u003e 2.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/1e84ebbea7ec35011a4c61bbb820a529ee4f359b\"\u003e\u003ccode\u003e1e84ebb\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during node composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6b24090280eaaab5040112bba41ccef57f39c2d5\"\u003e\u003ccode\u003e6b24090\u003c/code\u003e\u003c/a\u003e ci: Include Prettier check in lint action\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/9424dee38c85163fad53ac27533c7c4bdaf7495d\"\u003e\u003ccode\u003e9424dee\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/d1aca82bc15a4c261bdc58561d32189a5d3a45ef\"\u003e\u003ccode\u003ed1aca82\u003c/code\u003e\u003c/a\u003e Add trailingComma ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/43215099f7fcdac422d778c15e70d83c691b0e41\"\u003e\u003ccode\u003e4321509\u003c/code\u003e\u003c/a\u003e ci: Drop the branch filter from GitHub PR actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/47207d0fc7d4f863cd5fbdcff1378637bd93e847\"\u003e\u003ccode\u003e47207d0\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/5212faeed5936d1fa291d2f28672e4a96e2c2c5d\"\u003e\u003ccode\u003e5212fae\u003c/code\u003e\u003c/a\u003e chore: Update docs-slate\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/086fa6b5bae325da18734750cddee231ce578930\"\u003e\u003ccode\u003e086fa6b\u003c/code\u003e\u003c/a\u003e 2.8.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/95f01e98032ddf199b42bb3ba0737303b35ef752\"\u003e\u003ccode\u003e95f01e9\u003c/code\u003e\u003c/a\u003e chore: Add funding to package.json\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.7.0...v2.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/shreybansal365/StudentSphere/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/shreybansal365/StudentSphere/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shreybansal365%2FStudentSphere/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-19T11:02:34.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4290647751","node_id":"PR_kwDOQhEafs7TtBRQ","number":25,"state":"closed","title":"build(deps): bump basic-ftp from 5.2.0 to 5.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-19T11:04:10.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-19T11:02:34.000Z","updated_at":"2026-04-19T11:04:14.000Z","time_to_close":96,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"}],"path":null,"ecosystem":"npm"},"body":"Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.2.0 to 5.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=basic-ftp\u0026package-manager=npm_and_yarn\u0026previous-version=5.2.0\u0026new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/renleihaokun/Mizuki-blog/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/renleihaokun/Mizuki-blog/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/renleihaokun%2FMizuki-blog/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"5.2.0","new_version":"5.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-18T22:04:16.000Z","version_change":"5.2.0 → 5.3.0","issue":{"uuid":"4289299684","node_id":"PR_kwDORpDpkM7TpGD3","number":7,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 3 updates","user":"dependabot[bot]","labels":["dependencies","javascript","configuration"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T22:04:16.000Z","updated_at":"2026-04-18T22:08:57.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":3,"packages":[{"name":"axios","old_version":"1.14.0","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"basic-ftp","old_version":"5.2.0","new_version":"5.3.0","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [axios](https://github.com/axios/axios), [basic-ftp](https://github.com/patrickjuchli/basic-ftp) and [follow-redirects](https://github.com/follow-redirects/follow-redirects).\n\nUpdates `axios` from 1.14.0 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 — April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.2.0 to 5.3.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/07e9fc5e48ecef4b807d47bb3b5f1aa93e6e67dd\"\u003e\u003ccode\u003e07e9fc5\u003c/code\u003e\u003c/a\u003e Update dev dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/e9d09d6815b300b73e1297cdcf91786a979ef212\"\u003e\u003ccode\u003ee9d09d6\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.2.0...v5.3.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Nick2bad4u/eslint-plugin-write-good-comments-2/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Nick2bad4u/eslint-plugin-write-good-comments-2/pull/7","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nick2bad4u%2Feslint-plugin-write-good-comments-2/issues/7","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/7/packages"}}]}